Lucene search
+L

1371 matches found

Cvelist
Cvelist
added yesterday11 views

CVE-2026-16082 Sipeed PicoClaw pipeline_execute.go ExecTool.executeRun toctou

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...

5.3CVSS0.00091EPSS
Exploits0References6
CVE
CVE
added yesterday7 views

CVE-2026-16082

Summary of CVE-2026-16082 : Affects Sipeed PicoClaw up to version 0.2.9. The vulnerability is in the function ExecTool.executeRun (file: pkg/agent/pipeline_execute.go) where manipulation of the argument cwe leads to a time-of-check time-of-use issue. Exploitation is local, and a public exploit is...

5.3CVSS5.4AI score0.00091EPSS
Exploits0References6
CVE
CVE
added 2 days ago14 views

CVE-2026-15380

CVE-2026-15380 : A non-admin interactive user can achieve full SYSTEM code execution via a DCOM/task scheduler logic chain in Symantec ITMS. No network access or memory corruption required. Connected records confirm the vulnerability and impact as stated; no explicit exploit details, mitigations,...

5.1CVSS6.2AI score0.00127EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44744

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS6.1AI score0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-47470

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 5 days ago4 views

Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

8.8CVSS6.1AI score0.00278EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 5 days ago6 views

Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00188EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 5 days ago7 views

NTFS Elevation of Privilege Vulnerability

Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00245EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 5 days ago15 views

Windows File Explorer Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS6.1AI score0.00362EPSS
Exploits0
NVD
NVD
added 5 days ago8 views

CVE-2026-15669

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS0.00622EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-15684 Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/12 2:15 a.m.8 views

EUVD-2026-43197

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
OSV
OSV
added 2026/07/09 2:16 p.m.4 views

UBUNTU-CVE-2026-15185

A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

4.8CVSS5.5AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56991

Name of the Vulnerable Software and Affected Versions pdeljanov Symphonia versions prior to 0.6.1 Description A flaw in the Metadata Handler component allows a local attacker to cause a denial of service. Recommendations At the moment, there is no information about a newer version that contains a...

4.8CVSS6.1AI score0.0012EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-14685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file...

4.8CVSS5.7AI score0.00118EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 5:41 p.m.5 views

GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...

8.4CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2026/07/06 8:16 a.m.4 views

UBUNTU-CVE-2026-14801

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:45 a.m.9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56087

Name of the Vulnerable Software and Affected Versions flyto-core version 2.26.2 Description An unauthenticated OS command injection exists in the HTTP MCP endpoint. The endpoint POST /mcp accepts JSON-RPC tools/call requests without authentication and dispatches them to registered modules...

8.4CVSS6.3AI score
Exploits0References7
Rows per page
Query Builder