Lucene search
+L

7235 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by improper implementations in the Mojo component. This vulnerability could allow local attackers to execute operating system-level privilege...

8.8CVSS5.4AI score0.0016EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.26 views

CyberArk Idira Endpoint Privilege Manager 安全漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Vulnerabilities existed in versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5. These vulnerabilities stemmed from improper access control in the...

8.9CVSS5.3AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

8.5CVSS5.4AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.21 views

PT-2026-48624

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.7 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Palo Alto Networks Prisma Access Agent for Linux 安全漏洞

Palo Alto Networks Prisma Access Agent for Linux is a Linux terminal security access client provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Access Agent for Linux, which stems from a security control bypass. This vulnerability could allow local...

6.9CVSS5.3AI score0.00095EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:41 a.m.10 views

CVE-2026-28262

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...

6CVSS5.4AI score0.00095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48147

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS5.4AI score0.00085EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-52483

Name of the Vulnerable Software and Affected Versions Schneider Electric Saitel DR affected versions not specified Schneider Electric EasyLogic T150 affected versions not specified Description An incorrect permission assignment for a critical resource allows an attacker with privileged local acce...

6.7CVSS5.8AI score0.00109EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Dell iDRAC Tools 后置链接漏洞

Dell iDRAC Tools are a series of tools developed by the American company Dell for managing and maintaining Dell servers. Versions of Dell iDRAC Tools prior to 11.4.1.0 contained a post-link vulnerability, which stemmed from improper link resolution before file access. This vulnerability could all...

6CVSS5.3AI score0.00095EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Windows Attestation 输入验证错误漏洞

Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...

7.8CVSS5.8AI score0.0031EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Siemens SINEC INS 安全漏洞

Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to S1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the system containing binary files...

8.8CVSS5.3AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Dell Inventory Collector Client 安全漏洞

Dell Inventory Collector Client is a terminal asset inventory tool developed by the American company Dell. Versions of Dell Inventory Collector Client prior to version 13.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper link resolution before file access, whic...

6.3CVSS5.5AI score0.00085EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

NETGEAR Routers 输入验证错误漏洞

NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient authentication and input validation, which may allow unauthorized users on the local network to...

8.8CVSS5.4AI score0.00235EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/07 4:50 a.m.11 views

SUSE CVE-2026-10926

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. Chromium security severity: High...

8.8CVSS6AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.16 views

CVE-2026-21037

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

7.1CVSS5.6AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.16 views

CVE-2026-21036

Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information...

6.3CVSS5.4AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.16 views

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

5.5CVSS5.4AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.16 views

CVE-2026-21031

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

7.8CVSS5.5AI score0.00093EPSS
Exploits0References1
Rows per page
Query Builder