Lucene search
K

2303 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-54000

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS0.00108EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42919

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-54000 osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows)

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS0.00108EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-54000

CVE-2026-54000 in osquery (Windows) describes a heap buffer out-of-bounds write in getProcessCurrentDirectory() triggered via the processes table by a maliciously crafted process. The unchecked PEB string lengths in process command-line and current-directory reads allow a local attacker with low ...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
NVD
NVD
added 6 days ago10 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57239 Foxit PDF Editor/Reader Local Privilege Escalation

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS0.00115EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42184

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00115EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56338

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description High-privilege processes directly execute executable files that can be controlled by the user. This allows low-privilege users to elevate their privileges to NT...

8.2CVSS6.2AI score0.00115EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/07/01 8:6 a.m.5 views

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

...

7.5CVSS5.9AI score0.00309EPSS
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/27 8:59 a.m.11 views

CVE-2026-45259

sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kernsigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue2 to send signa...

5.7AI score0.00092EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:47 p.m.8 views

CVE-2026-0828

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...

7.5CVSS6.1AI score0.00461EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/06/26 3:47 p.m.7 views

EUVD-2026-39793

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...

7.5CVSS6.1AI score0.00461EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/26 3:47 p.m.40 views

CVE-2026-0828 Kernel driver vulnerability in Safetica Endpoint Client

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...

0.00461EPSS
Exploits2References1
CVE
CVE
added 2026/06/26 3:47 p.m.96 views

CVE-2026-0828

CVE-2026-0828 affects Safetica’s endpoint client x64, specifically the kernel driver ProcessMonitorDriver.sys (versions 10.5.75.0 and 11.11.4.0). The vulnerability stems from an IOCTL path that lacks proper caller privilege validation, allowing an unprivileged user with a handle to the device to ...

7.5CVSS6.1AI score0.00461EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/26 2:43 p.m.34 views

CVE-2026-45256 Missing permission check in thr_kill2(2)

When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

0.00092EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS0.00309EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 9:16 a.m.8 views

CVE-2026-11702

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

7.5CVSS0.00292EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 9:16 a.m.7 views

UBUNTU-CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References7
Rows per page
Query Builder