Lucene search
K

2124 matches found

Vulnrichment
Vulnrichment
added 2026/05/25 7:25 a.m.11 views

CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

6.8CVSS5.8AI score0.00173EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/25 7:25 a.m.40 views

CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

6.8CVSS0.00173EPSS
Exploits1References1
CVE
CVE
added 2026/05/25 7:25 a.m.28 views

CVE-2026-9490

Affected product: Acer Care Center (ACC Svc). The vulnerability arises because the ACCSvc service creates a Named Pipe with a weak security descriptor, permitting an authenticated local user to connect and send a crafted message (type 0x03). This can trigger the service to crash with exit code 10...

6.8CVSS5.8AI score0.00173EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:25 a.m.13 views

CVE-2026-9490

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

6.8CVSS5.8AI score0.00173EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/25 2:16 a.m.14 views

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 1:50 a.m.56 views

CVE-2026-9489 NitroSense V3: Local Privilege Escalation (LPE) vulnerability

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/05/25 1:50 a.m.21 views

CVE-2026-9489

NitroSense V3 (affected versions prior to 3.01.3052) contains a Local Privilege Escalation due to a misconfigured Windows Named Pipe that uses a custom protocol to invoke internal functions. The misconfiguration allows any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTE...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 1:50 a.m.10 views

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 1:50 a.m.9 views

CVE-2026-9489 NitroSense V3: Local Privilege Escalation (LPE) vulnerability

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 1:50 a.m.17 views

EUVD-2026-31619

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43021

Name of the Vulnerable Software and Affected Versions Acer Care Center affected versions not specified Description The ACCSvc service creates a Named Pipe with a weak Security Descriptor. This allows an authenticated local user to connect and send a specially crafted message of type 0x03 to the...

6.8CVSS5.5AI score0.00173EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Acer NitroSense 安全漏洞

Acer NitroSense is a gaming device performance management software from Acer Taiwan, China. A security vulnerability exists in versions prior to Acer NitroSense 3.01.3052, which stems from an improperly configured Windows Named Pipe that could cause any local user to execute arbitrary code or...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Acer Care Center 安全漏洞

Acer Care Center is a system care center from Acer China that allows you to back up or restore your system settings and network drivers to prevent the effects of a system failure. A security vulnerability exists in Acer Care Center that stems from a Named Pipe created by the ACCSvc service that h...

6.8CVSS5.8AI score0.00173EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-42992

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/05/23 11:3 p.m.10 views

MAL-2026-4630 Malicious code in openprompt-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2 On every npm install, openprompt-lang's postinstall hook scripts/postinstall.js:83 executes npm install -g @opencode/cli 2/dev/null || curl -fsSL...

5.4AI score
Exploits0References11
CVE
CVE
added 2026/05/22 4:38 p.m.32 views

CVE-2026-9255

Kiro CLI vulnerability CVE-2026-9255 affects kiro-cli prior to version 1.28.0. Missing input source validation in the tool authorization prompt allows a local attacker to run arbitrary tools, including shell commands, by piping crafted content to kiro-cli via stdin. This is a local-attack risk wi...

8.4CVSS6.1AI score0.00119EPSS
Exploits0References2Affected Software1
Rosalinux
Rosalinux
added 2026/05/22 8:59 a.m.18 views

Advisory ROSA-SA-2026-3294

CVE-ID: CVE-2026-46300 BDU-ID: None CVE-Crit: Not available CVE-DESCRIPTION: A vulnerability in the XFRM ESP-in-TCP subsystem of the Linux kernel. A logical error occurs when transitioning a TCP socket to the espintcp mode after writing file data to the receive queue. The kernel processes file...

8.8CVSS6.1AI score0.93235EPSS
Exploits45
OSV
OSV
added 2026/05/21 8:5 p.m.9 views

MAL-2026-4416 Malicious code in @ornexus/neocortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc On npm install -g @ornexus/neocortex, postinstall.js spawns install.sh or install.ps1 which, by default, runs an installcoderabbit step that fetches...

6.3AI score
Exploits0References2
NVD
NVD
added 2026/05/21 2:16 p.m.14 views

CVE-2026-34928

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...

7.8CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 1:3 p.m.42 views

CVE-2026-34928

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...

7.8CVSS0.00213EPSS
Exploits0References1
Rows per page
Query Builder