Lucene search
K

2122 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS0.00125EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

8.2CVSS5.6AI score0.00161EPSS
Exploits0References4
CVE
CVE
added 3 days ago6 views

CVE-2026-57919

CVE-2026-57919 affects Matrix42 Empirum (pre-25.5 and pre-26.2). The issue: PBackupVSS.exe creates a named pipe (\.\pipe\PBackupVSS) with a permissive DACL granting GENERIC_READ/WRITE to all authenticated users, enabling a low-privileged, local attacker to connect and send crafted IPC messages to...

7.8CVSS6.1AI score0.00125EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS6.1AI score0.00125EPSS
Exploits0References3
NVD
NVD
added last week6 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

7.5CVSS0.00398EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 12:0 a.m.8 views

CVE-2026-37453

MSI Center’s NBFoundation Service (MSIAPService.exe) has CVE-2026-37453: an insecure named pipe (\.\pipe\MSI_SERVICE_2) exposed to all authenticated users that allows untrusted clients to perform arbitrary memory and I/O-port read/write via the WinIO wrapper. Root cause is unauthenticated access ...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52567

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the service allow a remote attacker to obtain sensitive information through the MSI SERVICE 2 pipe. Recommendations At the moment, there is no information about...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/25 12:0 a.m.28 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

0.00398EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS0.00094EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:39 p.m.4 views

EUVD-2026-39087

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.00094EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 6:16 p.m.4 views

DEBIAN-CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-54268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function,...

8.2CVSS0.00331EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:49 p.m.5 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 3:49 p.m.40 views

CVE-2026-50171

The CVE concerns Angular (vulnerable in @angular/common) where formatNumber used by DecimalPipe, PercentPipe, and CurrencyPipe mishandles digitsInfo bounds. Specifically, parsing digitsInfo with large fraction digits (e.g., 1.200000000-200000000) causes an unbounded loop in roundNumber, leading t...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:49 p.m.31 views

CVE-2026-50171 Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS0.00161EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/22 3:49 p.m.5 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.8AI score0.00161EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/22 3:31 p.m.7 views

CVE-2026-54268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: watchqueue: fix pipe accounting mismatch Currently, watchqueuesetsize modifies the pipe buffers allocated to user-pipebufs, without updating the pipe-nraccounted value on the pipe itself. This occurs due to the if...

5.5CVSS6.2AI score0.00164EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References1
Rows per page
Query Builder