
46 matches found

CISA KEV Catalog
added 2026/04/20 12:0 a.m. | 5 views

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow...

CVSS: 5.4 | AI score: 7.7 | EPSS: 0.01315
In wild | Exploits: 0

EUVD
added 2026/04/02 6:31 p.m. | 1 views

EUVD-2026-18394

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00221
Exploits: 0 | References: 3

OSV
added 2026/04/02 5:16 p.m. | 1 views

DEBIAN-CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00221
Exploits: 0 | References: 1

Cvelist
added 2026/04/02 12:0 a.m. | 12 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

EPSS: 0.00221
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29820

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0. Description: A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00221
Exploits: 0 | References: 15

Snyk
added 2026/03/13 8:55 p.m. | 2 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via insufficient access control in the command handler. An attacker can gain unauthorized access to privileged configuration and debugging interfaces by sending...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00053
Exploits: 0 | References: 2

NVD
added 2026/01/09 7:16 a.m. | 3 views

CVE-2026-20970

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs...

CVSS: 7.8 | EPSS: 0.00008
Exploits: 0 | References: 1

EUVD
added 2025/12/10 9:3 a.m. | 1 views

EUVD-2025-202404

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.00038
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/10 12:0 a.m. | 1 views

PT-2025-50312

Name of the Vulnerable Software and Affected Versions: Nomysem versions through May 2025. Description: The software contains an issue related to the incorrect use of privileged APIs, which allows for privilege escalation. Recommendations: At the moment, there is no information about a newer version...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00038
Exploits: 0 | References: 7

OSV
added 2025/10/10 7:15 a.m. | 1 views

CVE-2025-21047

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

CVSS: 6.8 | AI score: 5.8
Exploits: 0 | References: 1

EUVD
added 2025/10/10 6:33 a.m. | 3 views

EUVD-2025-33684

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

CVSS: 5.2 | AI score: 5.9 | EPSS: 0.00029
Exploits: 0 | References: 2

Cvelist
added 2025/10/10 6:33 a.m. | 6 views

CVE-2025-21047

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

CVSS: 5.2 | EPSS: 0.00029
Exploits: 0 | References: 1

CNNVD
added 2025/10/10 12:0 a.m. | 1 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of mobile devices, including cell phones and tablets, from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Oct-2025 Release 1, which stems from improper access control and coul...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.00029
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-26600

Malicious code in bioql PyPI...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00026
Exploits: 0 | References: 1

OSV
added 2025/09/04 7:15 p.m. | 0 views

CVE-2025-48545

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.1 | AI score: 5.9
Exploits: 0 | References: 2

CVE
added 2025/09/04 6:34 p.m. | 24 views

CVE-2025-48545

The CVE-2025-48545 entry relates to AccountManagerService.java (isSystemUid) in Android, where a confused deputy could allow an app to access privileged APIs. This could lead to local privilege escalation without additional execution privileges and without user interaction. The Android security b...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00003
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/09/04 6:34 p.m. | 6 views

CVE-2025-48545

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS: 0.00003
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/04 12:0 a.m. | 8 views

PT-2025-36066

Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: An application may access privileged APIs due to a confused deputy condition within the isSystemUid function of AccountManagerService.java. This could result in local privileg...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00003
Exploits: 0 | References: 5

NVD
added 2025/09/03 6:15 a.m. | 1 views

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

CVSS: 6.8 | EPSS: 0.00026
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/03 6:5 a.m. | 3 views

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00026
Exploits: 0 | References: 1