7307 matches found
CVE-2026-12782 EaseUS Partition Master Kernel Driver EUEDKEPM.sys access control
A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...
CVE-2026-12782
The CVE-2026-12782 entry concerns EaseUS Partition Master (up to 14.5). The affected component is EUEDKEPM.sys (Kernel Driver); a flaw in an unknown function leads to improper access controls. It requires local access to exploit, and an exploit has been publicly released. Impact is described as h...
EUVD-2026-38146
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...
CVE-2026-12781
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...
CVE-2026-12781 EaseUS Partition Master Kernel Driver epmntdrv.sys access control
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...
CVE-2026-12781
CVE-2026-12781 affects EaseUS Partition Master up to 14.5. The flaw is in the kernel driver epmntdrv.sys, in an unknown function, enabling local, low-privilege access to escalate due to improper access control. Exploitation is publicly available and has been demonstrated as a local-facing vulnera...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation A fix was pushed int...
Astra Linux – Vulnerability in openssl1.0
The Raccoon attack exploits a flaw in the TLS specification, which allows an attacker to calculate the pre-master secret in connections that use a Diffie-Hellman DH-based ciphersuite. In such cases, the attacker can eavesdrop on all encrypted communications sent over that TLS connection. The atta...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm: A use-after-free issue in drmgetunique has been fixed. There is a time-of-check-to-time-of-use error in drmgetunique, caused by retrieving fpriv-master before locking the device’s master mutex. An example of this error can b...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagatemnt function handles mount propagation when creating mounts and propagates the source mount tree @sourcemnt to all applicable nodes of the destination propagation mount tree, heade...
Astra Linux – Vulnerability in xorg-server
A flaw related to out-of-bounds memory access was discovered in the X.Org server. This issue can occur when a device that has been frozen by a sync operation is reattached to a different master device. This issue may result in an application crashing, local privilege escalation if the server runs...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fixed a use-after-free vulnerability in the cdnsi3cmasterprobe function due to race conditions. In the cdnsi3cmasterprobe function, &master-hjwork is bound to cdnsi3cmasterhj. And cdnsi3cmasterinterrupt can cal...
WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions = 3.11.2...
CVE-2025-52465
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...
CVE-2025-52465
GeoServer has an arbitrary file write vulnerability (CVE-2025-52465) in the Master Password Dump page. Before versions 2.26.4 and 2.27.3, an authenticated administrator with access to GeoServer’s security system can pass an absolute path as the target file name to the Master Password Dump page, c...
CVE-2025-52465 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the MagicYUV decoder process in the libavcodec library. An attacker can cause a denial of service or potentially execute arbitrary code by submitting a specially crafted file that triggers an odd sliceheight valu...
Unchecked Input for Loop Condition
Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SSHMSGEXTINFO handler during the initial handshake process. An attacker can cause the client application to become unresponsive by sending a crafted extension count value that triggers an infini...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the audio.py file. An attacker can cause excessive memory consumption by...