30610 matches found
CVE-2026-40106
Summary: CVE-2026-40106 affects the Windows agent of Wazuh (versions 4.6.0–pre-4.14.5). A heap-based buffer overflow occurs in the syscheck component during registry wildcard expansion. The code allocates a fixed 256-byte heap buffer (OS_SIZE_256); creating a registry subkey of maximum length (25...
CVE-2026-6423
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
CVE-2026-6423 Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
EUVD-2026-44895
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
CVE-2026-6423
CVE-2026-6423 concerns a local privilege escalation in the ESET Inspect Connector caused by improper authentication on an ALPC IPC channel. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/ATT:N/VC:H/VI:H/SA:N/SI:N/VA:H) yields a base score of 8.5 (HIGH). Reported impact indicates elevated confidentialit...
CVE-2026-14961 CVE-2026-14961
Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...
libinput security update
An update is available for libinput. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libinput is a library that handles input devices for display servers and...
CVE-2026-50130 Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...
libinput: local privilege escalation via crafted uinput devices
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...
Moderate: Red Hat Security Advisory: libinput security update
An update for libinput is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2026-50650
Improper control of generation of code 'code injection' in .NET Framework allows an unauthorized attacker to elevate privileges locally...
CVE-2026-58632
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally...
CVE-2026-58633
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally...
CVE-2026-58634
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally...
CVE-2026-58613
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-58544
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally...
CVE-2026-58547
Heap-based buffer overflow in Universal Plug and Play upnp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-58538
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally...
CVE-2026-58541
Access of resource using incompatible type 'type confusion' in Windows DWM allows an authorized attacker to elevate privileges locally...
CVE-2026-58537
Use after free in Microsoft NAT Helper Components ipnathlp.dll allows an authorized attacker to elevate privileges locally...