Lucene search
K

612 matches found

NVD
NVD
added 2026/07/02 3:16 p.m.10 views

CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

5.5CVSS0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 2:36 p.m.35 views

CVE-2026-12168 CVE-2026-12168

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

0.0013EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/02 2:36 p.m.11 views

CVE-2026-12166 CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

5.8AI score0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 2:36 p.m.34 views

CVE-2026-12166 CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

0.00169EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 2:35 p.m.11 views

CVE-2026-12167

The CVE-2026-12167 issue affects Little Orbit GFAC: the Minifilter communication port for driver GFAC_Sys_x64.sys exposes a interface with inadequate access controls. This local flaw lets an attacker access privileged driver functionality, potentially enabling kernel-mode actions. Some sources al...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:35 p.m.8 views

CVE-2026-12167

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55230

Name of the Vulnerable Software and Affected Versions Little Orbit GFAC affected versions not specified Description Improper validation and a NULL pointer dereference a condition where the software attempts to read from a memory address that is null, leading to a crash in the GFAC Sys x64.sys...

7.8CVSS6.3AI score0.0013EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 9:15 p.m.10 views

Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References32
OSV
OSV
added 2026/07/01 9:15 p.m.7 views

MAL-2026-6723 Malicious code in electron-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7faf51a6c9d6ed9fce8cf9de9ea8afee0e9c3dc1fb254e8cd0c3c2a8ca61323f On require'electron-orbit', the module unconditionally fires an auto-prefetch pipeline in Node contexts when no document is present that opens a raw...

5.8AI score
Exploits0References32
NVD
NVD
added 2026/06/18 6:16 a.m.17 views

CVE-2026-11358

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 5:34 a.m.34 views

CVE-2026-11358

The CVE concerns the Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress (versions up to 3.0.6). The vulnerability is a Stored Cross-Site Scripting flaw arising from insufficient input sanitization and output escaping in admin settings. It a...

4.4CVSS5.5AI score0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/18 5:34 a.m.12 views

EUVD-2026-37850

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS5.4AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.29 views

CVE-2026-11358 Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu-item-icon' Parameter

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it...

4.4CVSS0.00203EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/17 4:48 p.m.20 views

WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...

4.4CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 9:0 p.m.15 views

Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint

Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets nodekey, orbitnodekey through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...

5.4AI score0.00032EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-49056

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.85.0 Description Authenticated users with the lowest-privilege Observer role can extract host enrollment secrets, specifically node key and orbit node key, using a cursor-based binary search oracle. The issue exists i...

6.5CVSS5.9AI score0.00032EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.10 views

CLIF: Cross-Layer LEO-ISL Fingerprinting for Physical and Network Attack Detection in Dense LEO Constellations

Low-Earth Orbit LEO mega-constellations such as Starlink by SpaceX and Kuiper by Amazon rely on optical Inter-Satellite Links ISLs for autonomous mesh routing to provide low-latency telecommunication, Internet of Things IoT, and security services globally. As commercial operators and governments...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-27806

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

7.8CVSS6AI score0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 7:25 p.m.6 views

CVE-2026-27806

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

7.8CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:3 p.m.6 views

EUVD-2026-20540

Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit...

7.8CVSS5.9AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder