Lucene search
K

1364 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-44744

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-47470

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS0.0012EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2 days ago5 views

NTFS Elevation of Privilege Vulnerability

Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00245EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2 days ago4 views

Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

8.8CVSS6.1AI score0.00278EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2 days ago4 views

Windows Runtime Elevation of Privilege Vulnerability

Use after free in Windows Runtime allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00188EPSS
Exploits0
NVD
NVD
added 2 days ago7 views

CVE-2026-15669

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS0.00622EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15684 Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43197

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
OSV
OSV
added last week4 views

UBUNTU-CVE-2026-15185

A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

4.8CVSS5.5AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56991

Name of the Vulnerable Software and Affected Versions pdeljanov Symphonia versions prior to 0.6.1 Description A flaw in the Metadata Handler component allows a local attacker to cause a denial of service. Recommendations At the moment, there is no information about a newer version that contains a...

4.8CVSS6.1AI score0.0012EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-14685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file...

4.8CVSS5.7AI score0.00118EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 5:41 p.m.5 views

GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...

8.4CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2026/07/06 8:16 a.m.4 views

UBUNTU-CVE-2026-14801

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:45 a.m.9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56087

Name of the Vulnerable Software and Affected Versions flyto-core version 2.26.2 Description An unauthenticated OS command injection exists in the HTTP MCP endpoint. The endpoint POST /mcp accepts JSON-RPC tools/call requests without authentication and dispatches them to registered modules...

8.4CVSS6.3AI score
Exploits0References7
OSV
OSV
added 2026/07/05 3:16 p.m.5 views

UBUNTU-CVE-2026-14758

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

5.5CVSS5.5AI score0.00131EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:45 a.m.12 views

CVE-2026-14723

A vulnerability was determined in AD-Security ADMiner 1.9.0. Affected is the function requesta of the file adminer/scripts/analysecache.py of the component Cache Handler. This manipulation of the argument sys.argv1 causes deserialization. The attack can only be executed locally. The pull request ...

5.3CVSS5.8AI score0.00121EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 a.m.9 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/07/05 3:15 a.m.20 views

CVE-2026-14699

CVE-2026-14699 affects zcaceres/markdownify-mcp prior to 1.1.0. The vulnerability is in assertPathAllowed (src/Markdownify.ts) and can be triggered by local manipulation, potentially causing symlink following. Exploitation is limited to local access. A fix is pending in a pull request and not yet...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
Rows per page
Query Builder