Lucene search
K

185494 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-55665

Grist spreadsheet app vulnerable to DOM-based XSS prior to version 1.7.15. Two flaws allowed attacker-controlled values to appear in link hrefs without scheme validation, enabling a javascript URL to execute in a victim’s Grist origin on a single click. Specifically, on the account-selection page...

8.5CVSS6.1AI score
Exploits0References3
CVE
CVE
added 1 hour ago4 views

CVE-2026-45196

GPU DDK vulnerability (CVE-2026-45196) arises from unsanitized pointers in host-kernel interactions with rgxfw_hwperf_hw, allowing kernel software in a Host VM to issue improper commands to GPU Firmware and trigger an arbitrary GPU register write, potentially enabling privilege escalation. The de...

6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago6 views

CVE-2026-55789

Logto’s self-hosted SAML IdP (prior to v1.41.0) was vulnerable: it built signed SAML responses by substituting user-controlled profile attributes into an unescaped XML template, allowing an authenticated low-privilege user to forge a SAML attribute (e.g., role) and cause privilege escalation at r...

8.5CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-42961

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

9.1CVSS6.1AI score
Exploits0References5
NVD
NVD
added 4 hours ago6 views

CVE-2026-56668

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS
Exploits0References3
CVE
CVE
added 4 hours ago10 views

CVE-2026-56668

Product/Component : ZITADEL identity management platform (OAuth2 Token Exchange endpoint). Vulnerability : Prior to version 4.15.3, the endpoint for grant-type: token-exchange does not verify that the subject token belongs to the requesting client, nor ensure requested scopes stay within the orig...

8.1CVSS6.1AI score
Exploits0References3
NVD
NVD
added 5 hours ago6 views

CVE-2026-51119

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

9.1CVSS
Exploits0References4
NVD
NVD
added 5 hours ago5 views

CVE-2026-2398

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS
Exploits0References1
CVE
CVE
added 5 hours ago10 views

CVE-2026-2398

MobilMen 20T (Adam Retail Automation Ltd) is affected by CVE-2026-2398 due to an Authorization bypass via a User-Controlled key, enabling Privilege Escalation. Affected versions are MobilMen 20T v3 through 10072026. CVSS 3.1 base score 8.8 (Network, Low attack complexity, Privileges Required: Low...

8.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 5 hours ago4 views

CVE-2026-2398 IDOR in AdamPOS' MobilMen 20T

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-42959

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-59190 Grav Admin Plugin — IDOR Privilege Escalation via saveUser()

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS
Exploits0References2
CVE
CVE
added 6 hours ago7 views

CVE-2026-59190

Grav plugin: grav-plugin-admin is affected. In versions ≤1.10.52, an authenticated user with admin.users permission can escalate privileges by altering another user’s password via POST to /admin/user/{username}?task=save with data[password]. The vulnerability stems from saveUser validating the ca...

8.7CVSS6.1AI score
Exploits0References2
NVD
NVD
added 6 hours ago8 views

CVE-2026-54001

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the authenticode table targeting a maliciously crafted binary, due to...

7CVSS
Exploits0References4
NVD
NVD
added 6 hours ago5 views

CVE-2026-54000

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS
Exploits0References4
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-54000 osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows)

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS
Exploits0References4
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-42919

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score
Exploits0References4
CVE
CVE
added 7 hours ago4 views

CVE-2026-54000

CVE-2026-54000 in osquery (Windows) describes a heap buffer out-of-bounds write in getProcessCurrentDirectory() triggered via the processes table by a maliciously crafted process. The unchecked PEB string lengths in process command-line and current-directory reads allow a local attacker with low ...

7CVSS6.2AI score
Exploits0References4
CVE
CVE
added 7 hours ago6 views

CVE-2026-54001

CVE-2026-54001 affects osquery on Windows prior to version 5.23.1. A local, unprivileged attacker can trigger a heap out-of-bounds write via the authenticode table by crafting a malicious binary query, due to publisher information parsing in getOriginalProgramName. Successful exploitation could e...

7CVSS6.2AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 10 hours ago12 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02593EPSS
Exploits1References2
Rows per page
Query Builder