Lucene search
+L

57 matches found

nvd
nvd
added 6 days ago8 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS0.00099EPSS
Exploits0References1
cve
cve
added 6 days ago9 views

CVE-2026-21040

CVE-2026-21040 affects IAFDService; the root cause is improper access control that allows local privileged attackers to use the privileged APIs prior to SMR Jul-2026 Release 1. Documented impact includes access to high-privilege APIs with local execution, and no exploitation or remediation steps ...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References1
cisa_kev
cisa_kev
added 2026/04/20 12:0 a.m.8 views

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow...

5.4CVSS7.7AI score0.07016EPSS
In wildExploits0
euvd
euvd
added 2026/04/02 6:31 p.m.5 views

EUVD-2026-18394

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
osv
osv
added 2026/04/02 5:16 p.m.4 views

DEBIAN-CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.6 views

PT-2026-29820

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References15
cvelist
cvelist
added 2026/04/02 12:0 a.m.20 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

0.00426EPSS
Exploits0References2
osv
osv
added 2026/04/02 12:0 a.m.2 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References4
snyk
snyk
added 2026/03/13 8:55 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via insufficient access control in the command handler. An attacker can gain unauthorized access to privileged configuration and debugging interfaces by sending...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References2
nvd
nvd
added 2026/01/09 7:16 a.m.9 views

CVE-2026-20970

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs...

7.8CVSS0.00129EPSS
Exploits0References1
attackerkb
attackerkb
added 2025/12/10 9:3 a.m.4 views

CVE-2025-1161

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025...

7.1CVSS5.5AI score0.00179EPSS
Exploits0References3
euvd
euvd
added 2025/12/10 9:3 a.m.6 views

EUVD-2025-202404

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025...

7.1CVSS6.4AI score0.00179EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/12/10 12:0 a.m.6 views

PT-2025-50312

Name of the Vulnerable Software and Affected Versions Nomysem versions through May 2025 Description The software contains an issue related to the incorrect use of privileged APIs, which allows for privilege escalation. Recommendations At the moment, there is no information about a newer version...

7.1CVSS6.5AI score0.00179EPSS
Exploits0References7
osv
osv
added 2025/10/10 7:15 a.m.6 views

CVE-2025-21047

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

6.8CVSS5.8AI score0.00176EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/10 6:33 a.m.12 views

CVE-2025-21047

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

5.2CVSS0.00176EPSS
Exploits0References1
euvd
euvd
added 2025/10/10 6:33 a.m.6 views

EUVD-2025-33684

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

5.2CVSS5.9AI score0.00176EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/10 12:0 a.m.4 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Oct-2025 Release 1 prior to Release 1, which stems from improper access control and coul...

6.8CVSS6.2AI score0.00176EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26600

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00126EPSS
Exploits0References1
osv
osv
added 2025/09/04 7:15 p.m.4 views

CVE-2025-48545

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS5.9AI score
Exploits0References2
cve
cve
added 2025/09/04 6:34 p.m.43 views

CVE-2025-48545

CVE-2025-48545 affects Android’s AccountManagerService.isSystemUid in AccountManagerService.java, enabling a confused deputy to let an app access privileged APIs. This constitutes local privilege escalation with no additional execution privileges and no user interaction required. Public details i...

7.1CVSS6AI score0.00088EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder