Lucene search
K

21832 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-56459

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.9AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-13769

A flaw was found in AWS CLI. Overly permissive file permissions on Unix-like systems, where the umask has not been configured to restrict file permissions, may allow other local users on the same host to read credentials. This occurs when certain AWS CLI subcommands, such as aws codeartifact logi...

6.8CVSS5.9AI score0.00101EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 7:27 p.m.7 views

EUVD-2026-41131

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS6AI score0.00191EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54637

Name of the Vulnerable Software and Affected Versions AWS CLI versions prior to 1.44.78 v1 AWS CLI versions prior to 2.34.29 v2 Description On Unix-like systems where the umask is not configured to restrict file permissions, overly permissive file permissions may allow local users on the same hos...

6.8CVSS5.8AI score0.00101EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-12086

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00101EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Amazon Kiro IDE < 0.11.133 Incorrect Default Permissions

The version of Amazon Kiro IDE installed on the remote host is prior to 0.11.133. It is, therefore, affected by an information disclosure vulnerability. - Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other...

6.8CVSS6AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 1:16 p.m.15 views

CVE-2026-56301

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS0.00103EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38436

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51509

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description When running the development server on Linux, the vite-node IPC Inter-Process Communication server binds to an abstract-namespace Unix socket without permission restriction...

6.8CVSS5.9AI score0.00103EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/22 3:31 p.m.6 views

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 3:12 p.m.2 views

SUSE-SU-2026:22263-1 Security update for firewalld

This update for firewalld fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.6 views

kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...

7.8CVSS7.3AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.12 views

CVE-2016-20093

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 2:16 p.m.9 views

EUVD-2025-210288

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS6AI score0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 2:16 p.m.14 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path in the SecureLine service, enabling local non-privileged users to execute code with SYSTEM privileges. The vulnerability affects the service configuration’s binary path and can lead to high impact on confidentiality, integrity, and availabil...

8.5CVSS6AI score0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.32 views

CVE-2025-71326 AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS0.00127EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:16 p.m.14 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...

8.5CVSS6AI score0.00127EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:16 p.m.5 views

CVE-2016-20093

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder