126 matches found

Snyk
added last week, 2 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure default permissions that grant regular users elevated privileges. An attacker can gain unauthorized access to host files and execute code with root-level privileges by leveraging authenticat...

CVSS 9.4 | AI score 6 | EPSS 0.00056
Exploits: 0 | References: 2

Vulnrichment
added last week, 4 views

CVE-2026-9037 Download of code without integrity check in XCharge C6

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

CVSS 9.3 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 1

OSV
added 2026/05/26 1:0 a.m., 5 views

MAL-2026-4544 Malicious code in cwao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f48b0fefe9d99bcebeaa878f5bb2ca40df917b40785d6b5b8a31cf6e70a44970 package.json declares "preinstall": "./vendor/setup", which directly executes a 976,568-byte packed Linux x86 ELF binary shipped in the tarball. The...

AI score 5.9
Exploits: 0 | References: 1

Cvelist
added 2026/05/21 1:4 p.m., 31 views

CVE-2026-45206

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must first obtain the abilit...

CVSS 7.8 | EPSS 0.00008
Exploits: 0 | References: 1

CVE
added 2026/05/21 1:3 p.m., 11 views

CVE-2026-34928

CVE-2026-34928 affects the Apex One/SEP agent with an origin validation flaw in a named-pipe communication path that can let a local attacker escalate privileges after gaining low-privilege code execution. The vulnerability relies on improper validation in inter-process communication, enabling pr...

CVSS 7.8 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/05/21 1:3 p.m., 6 views

EUVD-2025-209915

An origin validation error vulnerability in the Trend Micro Apex One mac agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord...

CVSS 7.8 | AI score 7.3 | EPSS 0.00008
Exploits: 0 | References: 2

EUVD
added 2026/05/21 1:2 p.m., 3 views

EUVD-2025-209917

A time-of-check time-of-use vulnerability in the Trend Micro Apex One mac agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7 | AI score 7.3 | EPSS 0.00013
Exploits: 0 | References: 2

Cvelist
added 2026/05/21 1:2 p.m., 31 views

CVE-2025-71214

An origin validation error vulnerability in the Trend Micro Apex One mac agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

EPSS 0.00008
Exploits: 0 | References: 2

Cvelist
added 2026/05/21 1:2 p.m., 33 views

CVE-2025-71213

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVSS 7.8 | EPSS 0.0001
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/21 12:0 a.m., 4 views

PT-2026-42470

Name of the Vulnerable Software and Affected Versions: Apex One/SEP agent affected versions not specified. Description: An origin validation error in the process protection communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the...

CVSS 7.8 | AI score 7.1 | EPSS 0.00008
Exploits: 0 | References: 7

OSV
added 2026/03/04 1:15 p.m., 1 views

CVE-2026-21426

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of...

CVSS 6.7 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 1

CVE
added 2026/03/04 12:41 p.m., 4 views

CVE-2026-21426

CVE-2026-21426 affects Dell PowerScale OneFS prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1. The vulnerability is described as an execution with unnecessary privileges, allowing a high-privileged local attacker to cause denial of service, privilege escalation, and information disclosure...

CVSS 6.7 | AI score 6.1 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1

Zero Day Initiative
added 2026/03/03 12:0 a.m., 2 views

Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVSS 7.3 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/12 12:0 a.m., 2 views

PT-2026-7898

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVSS 6.8 | AI score 5.4 | EPSS 0.00044
Exploits: 0 | References: 3

IBM Security Bulletins
added 2026/01/30 4:58 p.m., 8 views

Security Bulletin: Due to IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities [CVE-2025-48976, CVE-2025-30204, CVE-2025-1137].

Summary: Execute privileged command and denial of service vulnerabilities found in IBM Storage Scale, previously known as IBM Spectrum Scale, affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1. Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION:...

CVSS 8.8 | AI score 7.3 | EPSS 0.01278
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2026/01/09 12:42 p.m., 1 views

CVE-2023-25148

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to...

CVSS 7.8 | AI score 7.1 | EPSS 0.00071
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:30 a.m., 1 views

CVE-2023-43570

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code...

CVSS 6.7 | AI score 7.2 | EPSS 0.00047
Exploits: 0 | References: 1

EUVD
added 2025/12/24 12:30 a.m., 1 views

EUVD-2025-205016

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | AI score 7 | EPSS 0.00017
Exploits: 0 | References: 2

Cvelist
added 2025/12/23 9:18 p.m., 21 views

CVE-2025-14498 TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability

TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 | EPSS 0.00013
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-29049

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.00307
Exploits: 0 | References: 3