2314 matches found
CVE-2026-63304
AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can brea...
CVE-2026-54000
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
MAL-2026-10135 Malicious code in theta-sdk-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6967c021e95228b33b18be4489fea5d404720cbd21beb53dac8bf7ea4f4d54d1 [email protected] ships src/decrypt.js and src/providers/BaseProvider.js which together implement a hidden execution channel. On module load,...
EUVD-2026-42919
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-54000
CVE-2026-54000 in osquery (Windows) describes a heap buffer out-of-bounds write in getProcessCurrentDirectory() triggered via the processes table by a maliciously crafted process. The unchecked PEB string lengths in process command-line and current-directory reads allow a local attacker with low ...
CVE-2026-54000 osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows)
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-54000 osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows)
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-57239
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...
EUVD-2026-42184
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-57239
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-57239 Foxit PDF Editor/Reader Local Privilege Escalation
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...
PT-2026-56338
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description High-privilege processes directly execute executable files that can be controlled by the user. This allows low-privilege users to elevate their privileges to NT...
PT-2026-55457
9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
...
PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...
CVE-2026-45259
sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kernsigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue2 to send signa...
CVE-2026-0828 Kernel driver vulnerability in Safetica Endpoint Client
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...
CVE-2026-0828
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...
CVE-2026-0828
CVE-2026-0828 affects Safetica’s endpoint client x64, specifically the kernel driver ProcessMonitorDriver.sys (versions 10.5.75.0 and 11.11.4.0). The vulnerability stems from an IOCTL path that lacks proper caller privilege validation, allowing an unprivileged user with a handle to the device to ...
EUVD-2026-39793
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...