Lucene search
K

4835 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS0.00142EPSS
Exploits0References3
CVE
CVE
added 2 days ago11 views

CVE-2026-54371

The CVE affects the attr utilities (getfattr/setfattr) with versions before 2.6.0. Root cause is a symlink traversal during directory hierarchy traversal, enabling local privilege escalation when a privileged process uses getfattr/setfattr on attacker-controlled paths. The documents do not provid...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References6
OSV
OSV
added 2 days ago2 views

DEBIAN-CVE-2026-13523

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-13523 GPAC ISOBMFF base_encoding.c data amplification

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS0.00112EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-13502 antlr ANTLR4 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS0.00091EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-40000

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS5.2AI score0.00091EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-52444

Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3 Description An OS Command Injection issue exists where special elements used in an OS command are not properly neutralized. This allows a low privileged attacker with local...

7.8CVSS6.1AI score0.00693EPSS
Exploits0References4
NVD
NVD
added last week5 views

CVE-2025-60468

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...

5.5CVSS0.0013EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/22 2:46 a.m.4 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References7
NVD
NVD
added 2026/06/22 12:16 a.m.9 views

CVE-2026-12823

A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and...

4.8CVSS0.00115EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/21 11:45 p.m.34 views

CVE-2026-12823 Browserbase Autobrowse Trace Artifact default permission

A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and...

4.8CVSS0.00115EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/21 11:30 p.m.33 views

CVE-2026-12822 langflow-ai langflow Bundle URL Loader code injection

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

5.3CVSS0.00188EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 11:30 p.m.10 views

CVE-2026-12822

Langflow AI langflow

7.8CVSS5.8AI score0.00188EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/06/21 8:16 a.m.13 views

CVE-2026-12782

A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...

8.5CVSS0.00109EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/21 7:0 a.m.33 views

CVE-2026-12784 IM-Magic Partition Resizer Kernel Driver MDA_NTDRV.sys access control

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDANTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the...

8.5CVSS0.00113EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 6:16 a.m.9 views

CVE-2026-12778

A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...

8.5CVSS0.00113EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 6:0 a.m.17 views

CVE-2026-12782

The CVE-2026-12782 entry concerns EaseUS Partition Master (up to 14.5). The affected component is EUEDKEPM.sys (Kernel Driver); a flaw in an unknown function leads to improper access controls. It requires local access to exploit, and an exploit has been publicly released. Impact is described as h...

8.5CVSS6.6AI score0.00109EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/21 5:0 a.m.32 views

CVE-2026-12778 AOMEI Partition Assistant Kernel Driver ampa10.sys access control

A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...

8.5CVSS0.00113EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libde265

A buffer overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code through the SAO Sample Adaptive Offset processing of libde265...

6.2CVSS7.9AI score0.00215EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Augeas

A vulnerability has been discovered in Hercules Augeas 1.14.1 and is classified as problematic. This vulnerability affects the recaseexpand function of the src/fa.c file. Manipulation of the re argument leads to a null pointer dereference. Local attacks are required to exploit this vulnerability...

4.8CVSS4.4AI score0.00241EPSS
Exploits1References2
Rows per page
Query Builder