Lucene search
K

3134 matches found

Zero Day Initiative
Zero Day Initiative
•added 2026/03/03 12:0 a.m.•7 views

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS6.3AI score0.00337EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/02/19 12:0 a.m.•55 views

PT-2026-20800

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT AuthoritySYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:ProgramDatawtaClientExe directory, which is writable by "Everyone". The executable...

5.6AI score0.00104EPSS
Exploits0References1
SUSE CVE
SUSE CVE
•added 2026/02/18 12:25 a.m.•4 views

SUSE CVE-2026-23114

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to the NTARMSVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...

5.5CVSS5.7AI score0.001EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/02/14 3:16 p.m.•7 views

CVE-2026-23114

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to the NTARMSVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...

5.5CVSS5.7AI score0.001EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
•added 2026/02/13 8:1 p.m.•16 views

Metasploit Wrap-Up 02/13/2026

SolarWinds Web Help Desk Our very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the session will be as running as NT AUTHORITY\SYSTEM. For more information see the Rapid7’s SolarWinds We...

9.8CVSS8.3AI score0.98871EPSS
Exploits79
OSV
OSV
•added 2026/02/13 4:34 p.m.•8 views

CLSA-2026-1771000442 libsoup: Fix of CVE-2026-0719

CVE-2026-0719 fix integer overflow in NTLM authentication when processing excessively long passwords...

8.6CVSS5.9AI score0.00557EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/02/13 12:0 a.m.•13 views

PT-2026-7997

Name of the Vulnerable Software and Affected Versions Hyland OnBase affected versions not specified Description The software contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe and the Workview Timer Service. An attacker...

10CVSS6.2AI score0.01121EPSS
Exploits1References10
Zero Day Initiative
Zero Day Initiative
•added 2026/02/12 12:0 a.m.•6 views

Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

3.3CVSS5.5AI score0.10738EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/02/11 7:45 p.m.•7 views

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

3.3CVSS5.5AI score0.10738EPSS
Exploits0References1
RedHat Linux
RedHat Linux
•added 2026/02/11 7:51 a.m.•4 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

8.6CVSS5.9AI score0.00557EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/02/10 5:51 p.m.•23 views

CVE-2026-21249 Windows NTLM Spoofing Vulnerability

...

3.3CVSS0.10738EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/02/10 5:51 p.m.•3 views

CVE-2026-21249 Windows NTLM Spoofing Vulnerability

...

3.3CVSS5.4AI score0.10738EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
•added 2026/02/10 4:0 p.m.•5 views

Windows NTLM Spoofing Vulnerability

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

3.3CVSS5.5AI score0.10738EPSS
Exploits0
RedHat Linux
RedHat Linux
•added 2026/02/09 2:41 a.m.•4 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

8.6CVSS5.9AI score0.00557EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
•added 2026/02/09 12:0 a.m.•5 views

RHEL 9 : libsoup (RHSA-2026:2216)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2216 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Signed to Unsigned Conversion Error Leadi...

8.6CVSS6.5AI score0.00947EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/02/05 3:37 a.m.•7 views

libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

8.6CVSS5.9AI score0.00557EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/01/29 3:38 a.m.•5 views

CVE-2026-25067 SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...

6.9CVSS5.9AI score0.00283EPSS
Exploits0References2
SUSE Linux
SUSE Linux
•added 2026/01/23 7:8 a.m.•9 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication bsc1256399. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

9.2CVSS5.9AI score0.00557EPSS
Exploits0References4
OSV
OSV
•added 2026/01/13 6:16 p.m.•5 views

CVE-2026-20872

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.8AI score0.1911EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/01/13 5:57 p.m.•27 views

CVE-2026-20872 NTLM Hash Disclosure Spoofing Vulnerability

...

6.5CVSS0.1911EPSS
Exploits0References1
Rows per page
Query Builder