1371 matches found
CVE-2026-16082 Sipeed PicoClaw pipeline_execute.go ExecTool.executeRun toctou
A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...
CVE-2026-16082
Summary of CVE-2026-16082 : Affects Sipeed PicoClaw up to version 0.2.9. The vulnerability is in the function ExecTool.executeRun (file: pkg/agent/pipeline_execute.go) where manipulation of the argument cwe leads to a time-of-check time-of-use issue. Exploitation is local, and a public exploit is...
CVE-2026-15380
CVE-2026-15380 : A non-admin interactive user can achieve full SYSTEM code execution via a DCOM/task scheduler logic chain in Symantec ITMS. No network access or memory corruption required. Connected records confirm the vulnerability and impact as stated; no explicit exploit details, mitigations,...
EUVD-2026-44744
Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-47470
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service...
NTFS Elevation of Privilege Vulnerability
Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally...
Windows Runtime Elevation of Privilege Vulnerability
Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally...
Microsoft PC Manager Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
CVE-2026-15669
A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...
EUVD-2026-43598
A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...
CVE-2026-15684 Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability
Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...
EUVD-2026-43197
A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...
UBUNTU-CVE-2026-15185
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...
PT-2026-56991
Name of the Vulnerable Software and Affected Versions pdeljanov Symphonia versions prior to 0.6.1 Description A flaw in the Metadata Handler component allows a local attacker to cause a denial of service. Recommendations At the moment, there is no information about a newer version that contains a...
Linux Distros Unpatched Vulnerability : CVE-2026-14685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file...
GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`
Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...
UBUNTU-CVE-2026-14801
A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...
CVE-2026-14788
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...
PT-2026-56087
Name of the Vulnerable Software and Affected Versions flyto-core version 2.26.2 Description An unauthenticated OS command injection exists in the HTTP MCP endpoint. The endpoint POST /mcp accepts JSON-RPC tools/call requests without authentication and dispatches them to registered modules...