17038 matches found
CVE-2026-0276
A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...
CVE-2026-0276
CVE-2026-0276 describes a privilege escalation in Palo Alto Networks Cortex XDR Broker VM, enabling a locally authenticated user to perform actions as root. Public details in the provided documents are limited to the existence of a local-privilege escalation with low attack complexity and low imp...
CVE-2026-0278
Summary: CVE-2026-0278 affects the Prisma Access Agent on Windows, where multiple protection mechanism failures in the Data Loss Prevention (DLP) component allow bypass of DLP policy enforcement. The macOS agent is not affected. Affected versions: 24.0 through 26.2. Impact: DLP controls can be ci...
CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...
CVE-2026-56459
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-56459
CVE-2026-56459 affects HCL DevOps Deploy / HCL Launch. The issue: the application stores potentially sensitive information in log files, which could be read by a local user, enabling sensitive data disclosure. Details in the provided documents indicate a local-access exposure due to log handling,...
EUVD-2026-42547
HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
nodejs: Node.js: Unauthorized file metadata modification
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...
nodejs: Node.js: Unauthorized file metadata modification
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...
kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation
A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...
nodejs: Node.js: Unauthorized file metadata modification
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...
CVE-2024-1248
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
CVE-2024-1248
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
CVE-2024-1248
The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...
CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
EUVD-2024-55648
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
PT-2026-55730
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation. When...
CVE-2026-8921
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
CVE-2022-4989
UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation...