Lucene search
+L

30665 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-45363

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7...

7.8CVSS5.3AI score0.00147EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-47868

CVE-2026-47868 concerns VMware Avi Load Balancer. A local privilege escalation allows a user with local access to run code as root. Affected versions are: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30.2.6 (fixed in 30.2.7); 22.1.1–22.1.7 (fixed in 30.2.7). CVSSv3.1 base...

7.8CVSS5.4AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-50650

A flaw was found in .NET Framework. This vulnerability, caused by improper control of code generation, allows an unauthorized attacker to inject malicious code. Successful exploitation can lead to local privilege escalation, enabling the attacker to gain higher access rights on the affected syste...

7.8CVSS5.3AI score0.00285EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15380 Local privilege escalation in Symantec ITMS

A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...

5.1CVSS0.00127EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2019-25764

CVE-2019-25764 concerns the ASUS AURA SYNC driver, where an exposed IOCTL with insufficient access control enables a local user to bypass verification and invoke arbitrary IOCTLs, leading to privilege escalation. The available connected documents confirm the affected component as the ASUS AURA SY...

7.3CVSS6.2AI score0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago38 views

CVE-2019-25764

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS0.0009EPSS
Exploits0References1
OSV
OSV
added 3 days ago2 views

CVE-2026-40106 Wazuh: Heap-based Buffer Overflow in syscheck Registry Wildcard Expansion (LPE / DoS)

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards or...

4.7CVSS5.7AI score0.00089EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-40106

Summary: CVE-2026-40106 affects the Windows agent of Wazuh (versions 4.6.0–pre-4.14.5). A heap-based buffer overflow occurs in the syscheck component during registry wildcard expansion. The code allocates a fixed 256-byte heap buffer (OS_SIZE_256); creating a registry subkey of maximum length (25...

4.7CVSS6.1AI score0.00089EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-58598

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Backup Engine allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score0.00193EPSS
Exploits0References2Affected Software5
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-53411 Zoom Workplace VDI Plugin for Windows - Improper Input Validation

A time-of-check to time-of-use TOCTOU race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges...

7.8CVSS0.00143EPSS
Exploits0References1
NVD
NVD
added 3 days ago10 views

CVE-2026-6423

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-6423 Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44895

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS6.1AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-6423

CVE-2026-6423 concerns a local privilege escalation in the ESET Inspect Connector caused by improper authentication on an ALPC IPC channel. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/ATT:N/VC:H/VI:H/SA:N/SI:N/VA:H) yields a base score of 8.5 (HIGH). Reported impact indicates elevated confidentialit...

8.5CVSS6.1AI score0.00116EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1927)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1927 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

5.4AI score
Exploits0References2
CVE
CVE
added 3 days ago5 views

CVE-2026-36425

The CVE-2026-36425 issue affects OPSWAT AppRemover Driver (ardrv.sys, v2017.10.02.1551 and earlier). The IOCTL handler 0x2420031 can be invoked by a local, non-privileged user to terminate arbitrary processes without validating caller privileges, process protections, or critical-system status. Do...

6.5CVSS6.1AI score0.00422EPSS
Exploits1References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-14961 CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

0.00121EPSS
Exploits1References1
Rockylinux
Rockylinux
added 4 days ago7 views

libinput security update

An update is available for libinput. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libinput is a library that handles input devices for display servers and...

9.8CVSS6.1AI score0.00498EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-50130 Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS0.00225EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago7 views

Moderate: Red Hat Security Advisory: libinput security update

An update for libinput is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.1AI score0.00498EPSS
Exploits0References2
Rows per page
Query Builder