Lucene search
+L

26310 matches found

RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.7AI score0.00125EPSS
Exploits22References6
NVD
NVD
added 2 days ago6 views

CVE-2026-62294

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS0.00101EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References6
CVE
CVE
added 2 days ago7 views

CVE-2026-62294

Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS0.00101EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2 days ago6 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.7AI score0.00125EPSS
Exploits22References6
NVD
NVD
added 2 days ago6 views

CVE-2026-49501

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

6.7CVSS0.00105EPSS
Exploits0References1
CVE
CVE
added 2 days ago4 views

CVE-2026-40633

Summary: Dell PowerScale OneFS contains an information disclosure vulnerability (Insertion of Sensitive Information into Log File) affecting PowerScale OneFS 9.5.0.0–9.10.1.7 and 9.11.0.0–9.13.0.2. A low-privilege, local attacker could exploit this to disclose information. Affected products/versi...

7.8CVSS6.1AI score0.00109EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44607

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS6.1AI score0.00109EPSS
Exploits0References1
NVD
NVD
added 2 days ago9 views

CVE-2026-8920

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS0.0009EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-15751

CVE-2026-15751 affects the mastergo-design mastergo-magic-mcp component set up to version 0.2.0. The vulnerability targets the execute function in mastergo/component-workflow.md for mcp__getComponentGenerator, where manipulation of the rootPath argument enables path traversal. Exploitation is loc...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-14685

A flaw was found in HdrHistogram. A local attacker could exploit this vulnerability by manipulating the 'Count' argument within the recordValueWithCount function. This manipulation leads to a state issue, which could impact the integrity of data processing within the affected component. Mitigatio...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References9
NVD
NVD
added 3 days ago4 views

CVE-2026-58637

Use after free in Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally...

7CVSS0.00234EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-58628

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Wireless Networking allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-57968

Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-57101

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS0.00422EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-56650

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-56195

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

5.5CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-55124

Improper validation of specified type of input in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

5.5CVSS0.0039EPSS
Exploits0References1
Rows per page
Query Builder