CVE-2026-40407

CVE-2026-40407 describes a heap-based buffer overflow in the Windows Common Log File System (CLFS) Driver that permits an authorized, local attacker to elevate privileges. The vulnerability impact is local privilege escalation with a CVSS v3.1 base score of 7.8 (HIGH) and impact to confidentialit...

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Cisco Prime Infrastructure Information Disclosure (cisco-sa-pi-unauth-infodiscl-LFnLgmey)

The version of Cisco Prime Infrastructure installed on the remote host is prior to Migrate to a fixed release.. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-pi-unauth-infodiscl-LFnLgmey advisory. - A vulnerability in the log file download functionality of Cisco Prim...

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

PT-2026-40220

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

PT-2026-40212

Integer underflow wrap or wraparound in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Microsoft Windows Common Log File System Driver 安全漏洞

The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. There are security...

EUVD-2026-29022

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

CVE-2026-8265

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

CVE-2026-8265

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

CVE-2026-8265

The CVE-2026-8265 issue affects Tenda AC6 firmware version 15.03.06.23. The vulnerable component is httpd, specifically the function get_log_file in /goform/getLogFile, where manipulating the wans.flag argument leads to an OS command injection. The vulnerability is exploitable remotely and exploi...

PT-2026-39564

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get log file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The explo...

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function getlogfile in the httpd component’s file/goform, which processes the parameter wan.flag, potentially allowin...

EUVD-2026-28788

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...

PT-2026-39145

Name of the Vulnerable Software and Affected Versions Akamai Guardicore Platform Agent versions 7.0 through 7.3.1 Akamai Zero Trust Client versions 6.0 through 6.1.5 Akamai Guardicore Platform Agent affected versions not specified Description Local privilege escalation is possible on Linux and...

CVE-2026-34354

CVE-2026-34354 affects Akamai Guardicore Platform Agent (GPA) on Linux/macOS and Akamai Zero Trust Client, versions 7.0–7.3.1 and 6.0–6.1.5 respectively. The vulnerability is TOCTOU-based local privilege escalation caused by the GPA service creating a world-writable IPC socket in /tmp and accepti...

CVE-2026-34354

Akamai Guardicore Platform Agent GPA and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the...