Lucene search
K

2333 matches found

ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-13384

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to an...

8.6CVSS6.1AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-12167 CVE-2026-12167

The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...

Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-12167

The CVE-2026-12167 issue affects Little Orbit GFAC: the Minifilter communication port for driver GFAC_Sys_x64.sys exposes a interface with inadequate access controls. This local flaw lets an attacker access privileged driver functionality, potentially enabling kernel-mode actions. Some sources al...

7.8CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2026/06/25 4:17 p.m.5 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:17 p.m.11 views

CVE-2026-9705

Affected software & component: Keycloak – client registration service. Vulnerability: An attacker with a previously issued Registration Access Token (RAT) can re-enable a client that an administrator had disabled. This bypasses security controls and allows the attacker to reset the client’s secre...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 4:2 p.m.6 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 2:16 p.m.11 views

CVE-2025-2669

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6.5CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.3 views

CVE-2025-2669

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:18 p.m.31 views

CVE-2025-2669 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6CVSS0.00197EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Samba

A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Qemu

An integer overflow issue was identified in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. This issue can occur if a guest provides invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may exploit this flaw to crash the QEMU process on the host,...

3.2CVSS6.4AI score0.00587EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A denial-of-service DOS issue was detected in the smb2ioctlqueryinfo function of the Linux kernel, within the fs/cifs/smb2ops.c Common Internet File System. This issue arises due to an incorrect return value from the memdupuser function. This flaw allows a local, privileged attacker with...

4.4CVSS6.6AI score0.00261EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A flaw was discovered in the Netfilter subsystem of the Linux kernel. The nfnlosfaddcallback function did not validate the optnum field controlled by the user mode. This flaw allows a local privileged attacker with CAPNETADMIN privileges to trigger an out-of-bounds read, resulting in a system cra...

6CVSS6.1AI score0.00415EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Python 3.7

A issue was discovered in the CPython tempfile.TemporaryDirectory class, affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier versions. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means that users who can...

7.8CVSS6.8AI score0.00313EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-50052

Vulnerability in the Oracle Quality product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quality. Successful...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 3:17 p.m.7 views

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.3AI score0.00579EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 3:10 p.m.33 views

CVE-2026-9862 Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS0.00865EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 3:10 p.m.9 views

EUVD-2026-36730

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.3AI score0.00865EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49245

Name of the Vulnerable Software and Affected Versions Fortra Core Privileged Access Manager affected versions not specified Description An OS command injection issue exists in the boks autoregisterd service. A remote attacker with network access to this service can execute commands with the...

9.8CVSS5.8AI score0.00865EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/12 9:38 a.m.9 views

CVE-2026-47166

A flaw was found in ImageMagick, a widely used software for image editing. An attacker with high privileges and local access could exploit a vulnerability in the magick -distribute-cache service. By causing a heap buffer over-read, this could lead to the disclosure of sensitive information and...

6CVSS5.3AI score0.00093EPSS
Exploits0References4
Rows per page
Query Builder