21832 matches found
CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-56459
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-13769
A flaw was found in AWS CLI. Overly permissive file permissions on Unix-like systems, where the umask has not been configured to restrict file permissions, may allow other local users on the same host to read credentials. This occurs when certain AWS CLI subcommands, such as aws codeartifact logi...
EUVD-2026-41131
NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...
PT-2026-54637
Name of the Vulnerable Software and Affected Versions AWS CLI versions prior to 1.44.78 v1 AWS CLI versions prior to 2.34.29 v2 Description On Unix-like systems where the umask is not configured to restrict file permissions, overly permissive file permissions may allow local users on the same hos...
CVE-2026-12086
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...
Amazon Kiro IDE < 0.11.133 Incorrect Default Permissions
The version of Amazon Kiro IDE installed on the remote host is prior to 0.11.133. It is, therefore, affected by an information disclosure vulnerability. - Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other...
CVE-2026-56301
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...
EUVD-2026-38436
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...
PT-2026-51509
Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description When running the development server on Linux, the vite-node IPC Inter-Process Communication server binds to an abstract-namespace Unix socket without permission restriction...
EUVD-2026-38272
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...
SUSE-SU-2026:22263-1 Security update for firewalld
This update for firewalld fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...
kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync
A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2016-20093
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...
EUVD-2025-210288
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path in the SecureLine service, enabling local non-privileged users to execute code with SYSTEM privileges. The vulnerability affects the service configuration’s binary path and can lead to high impact on confidentiality, integrity, and availabil...
CVE-2025-71326 AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2016-20093
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...