1849 matches found
CVE-2026-58619
Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...
CVE-2026-50367
Incorrect access of indexable resource 'range error' in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...
CVE-2026-58619
CVE-2026-58619 is a Windows Sensor Data Service vulnerability described as a use-after-free that enables an authorized attacker to locally elevate privileges. The vulnerability is reported with CVSS 3.1: LOCAL attack vector, HIGH impact (C, I, A), and low privileges required with no user interact...
CVE-2026-50367
CVE-2026-50367 describes an elevation of privilege in the Windows Sensor Data Service due to a logic flaw: incorrect access of an indexable resource (a range error). An authenticated local attacker could exploit this to escalate privileges on the affected system. The vulnerability’s CVSS 3.1 vect...
KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
EUVD-2026-42723
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
CVE-2026-57032
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
EUVD-2026-42025
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
PT-2026-56177
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description A bug in the /ui/dependencies scheduling graph endpoint allows an authenticated UI user with read permissions on some Dags to enumerate identifiers of other Dags they are not authorized to rea...
Bridging the Visibility Gap: A Unified Security Operating Model for Hybrid Cloud Teams
Move beyond chasing vulnerabilities to a unified hybrid risk strategy. The Sensor Workload Scanner is now GA and extends our risk prioritization engine to on-premise environments to identify the critical attack paths across your hybrid cloud...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Fix for iiochanspec for sensors without event detection. The stlsm6dsxaccchannels array within struct iiochanspec contains a eventspec field that is not NULL, indicating that the sensor supports IIO events...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than are present in the FIFO. The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor...
CVE-2026-54317
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....
PT-2026-51577
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...
Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows
Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...
Astra Linux – Vulnerability in Linux 5.15
A NULL pointer dereference flaw was discovered in the Linux kernel’s AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system...
SUSE CVE-2026-46326
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...
EUVD-2026-35427
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...