3133 matches found
CVE-2026-31704
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use checkaddoverflow to prevent u16 DACL size overflow setposixaclentriesdacl and setntacldacl accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causin...
Exploit for Improper Authentication in Microsoft
CVE-2026-24294 - Local NTLM Reflection LPE via SMB Arbitrary P...
CVE-2026-32952
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
GHSA-PJCQ-XVWQ-HHPJ go-ntlmssp NTLM challenges can panic on malformed payloads
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
go-ntlmssp NTLM challenges can panic on malformed payloads
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...
(0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Unity Linux 20.1070e Security Update: freerdp (UTSA-2026-006941)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006941 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when...
EUVD-2026-22991
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
[SECURITY] Fedora 42 Update: libgsasl-1.10.0-15.fc42
The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...
CVE-2026-33682
Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...
Metasploit Wrap-Up 03/27/2026
Better NTLM Relaying Functionality This weekโs release brings an improvement to the SMB NTLM relay server. In the past, itโs support has been expanded with modules for relaying to HTTP ESC8, MSSQL and LDAP while still receiving connections over the humble SMB service. Prior to this release, clien...
EUVD-2026-16005
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...
Iperius Backup ่ฎฟ้ฎๆงๅถ้่ฏฏๆผๆด
Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.3 and earlier contained an access control vulnerability, which was caused by improper handling of the NTLM2 Handler component, potentially leading to information leakage...
Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0
Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...
๐ Microsoft Windows 11 SMB Local Privilege Escalation
Proof of concept for CVEโ2025โ33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...
CVE-2025-66413
CVE-2025-66413 (Git for Windows) affects the Windows port of Git prior to 2.53.0(2). The issue arises when a user is tricked into cloning from a malicious server, allowing an attacker to obtain the userโs NTLM hash. Because NTLM hashing is weak, the attacker may brute-force the userโs account nam...
EUVD-2025-208535
Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...
CVE-2025-66413
Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...
๐ Windows SMB Client Privilege Escalation
This Metasploit module exploits CVE-2025-33073 in Windows SMB clients through a complex attack chain involving DNS record injection, NTLM relay attacks, and RPC coercion. The vulnerability allows privilege escalation and remote code execution on affected Windows systems including Windows 11,...
Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...