17069 matches found
CVE-2026-8920
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
EUVD-2026-44586
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
CVE-2026-8920
The vulnerability CVE-2026-8920 concerns ASUS Aura Wallpaper Service. It describes Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path, enabling a local user to perform file operations by sending crafted commands that contain an arbitrary ...
EUVD-2026-43652
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 EOL allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database...
CVE-2026-14852 mk_sap_hana: Privilege escalation via crafted sapstartsrv process name
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 EOL allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database...
CVE-2026-14852
CVE-2026-14852 : Privilege escalation in Checkmk affecting versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL). A local unprivileged user can execute arbitrary commands as root by exploiting the mk_sap_hana agent plugin, which derives SAP HANA instance ide...
CVE-2026-6851
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
CVE-2026-6851
The CVE-2026-6851 entry concerns Bitdefender products on Windows: Bitdefender Total Security and Bitdefender Internet Security, specifically the File Shredder module. The vulnerability is described as an improper link resolution before file access (link following) that enables a less-privileged l...
CVE-2026-0276
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...
CVE-2026-0276
CVE-2026-0276 describes a privilege escalation in Palo Alto Networks Cortex XDR Broker VM, enabling a locally authenticated user to perform actions as root. Public details in the provided documents are limited to the existence of a local-privilege escalation with low attack complexity and low imp...
CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...
CVE-2026-0278
Summary: CVE-2026-0278 affects the Prisma Access Agent on Windows, where multiple protection mechanism failures in the Data Loss Prevention (DLP) component allow bypass of DLP policy enforcement. The macOS agent is not affected. Affected versions: 24.0 through 26.2. Impact: DLP controls can be ci...
CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
CVE-2026-56459
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
EUVD-2026-42547
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-56459
CVE-2026-56459 affects HCL DevOps Deploy / HCL Launch. The issue: the application stores potentially sensitive information in log files, which could be read by a local user, enabling sensitive data disclosure. Details in the provided documents indicate a local-access exposure due to log handling,...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...
CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
nodejs: Node.js: Unauthorized file metadata modification
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...