Lucene search
K

1849 matches found

NVD
NVD
added yesterday5 views

CVE-2026-58619

Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...

7CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-50367

Incorrect access of indexable resource 'range error' in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-58619

CVE-2026-58619 is a Windows Sensor Data Service vulnerability described as a use-after-free that enables an authorized attacker to locally elevate privileges. The vulnerability is reported with CVSS 3.1: LOCAL attack vector, HIGH impact (C, I, A), and low privileges required with no user interact...

7CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-50367

CVE-2026-50367 describes an elevation of privilege in the Windows Sensor Data Service due to a logic flaw: incorrect access of an indexable resource (a range error). An authenticated local attacker could exploit this to escalate privileges on the affected system. The vulnerability’s CVSS 3.1 vect...

7.8CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 2 days ago16 views

KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

9.8CVSS7AI score0.53389EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00421EPSS
Exploits0References2
NVD
NVD
added 6 days ago6 views

CVE-2026-57032

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 9:17 a.m.36 views

CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

0.00636EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 9:17 a.m.6 views

EUVD-2026-42025

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 9:17 a.m.3 views

CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56177

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description A bug in the /ui/dependencies scheduling graph endpoint allows an authenticated UI user with read permissions on some Dags to enumerate identifiers of other Dags they are not authorized to rea...

4.3CVSS6.1AI score0.00636EPSS
Exploits0References14
Wiz blog
Wiz blog
added 2026/06/29 1:39 p.m.11 views

Bridging the Visibility Gap: A Unified Security Operating Model for Hybrid Cloud Teams

Move beyond chasing vulnerabilities to a unified hybrid risk strategy. The Sensor Workload Scanner is now GA and extends our risk prioritization engine to on-premise environments to identify the critical attack paths across your hybrid cloud...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Fix for iiochanspec for sensors without event detection. The stlsm6dsxaccchannels array within struct iiochanspec contains a eventspec field that is not NULL, indicating that the sensor supports IIO events...

5.8AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than are present in the FIFO. The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 5:39 p.m.4 views

CVE-2026-54317

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS5.8AI score0.00193EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References9
Wiz blog
Wiz blog
added 2026/06/22 1:21 p.m.31 views

Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...

5.5AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

A NULL pointer dereference flaw was discovered in the Linux kernel’s AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46326

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 12:25 p.m.13 views

EUVD-2026-35427

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

5.4AI score0.00132EPSS
Exploits0References4
Rows per page
Query Builder