Lucene search
+L

11 matches found

nvd
nvd
added 2026/06/25 8:17 p.m.6 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

7.5CVSS0.00398EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/25 12:0 a.m.30 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

0.00398EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.10 views

PT-2026-52567

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the service allow a remote attacker to obtain sensitive information through the MSI SERVICE 2 pipe. Recommendations At the moment, there is no information about...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References4
cve
cve
added 2026/06/25 12:0 a.m.11 views

CVE-2026-37453

MSI Center’s NBFoundation Service (MSIAPService.exe) has CVE-2026-37453: an insecure named pipe (\.\pipe\MSI_SERVICE_2) exposed to all authenticated users that allows untrusted clients to perform arbitrary memory and I/O-port read/write via the WinIO wrapper. Root cause is unauthenticated access ...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2026/05/05 7:30 p.m.5 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.2AI score0.00174EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/05/05 7:30 p.m.7 views

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.2AI score0.00174EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/05 7:30 p.m.7 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.2AI score0.00174EPSS
Exploits1References1
osv
osv
added 2026/05/05 7:30 p.m.3 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.3AI score0.00174EPSS
Exploits1References3
osv
osv
added 2026/05/05 7:28 p.m.4 views

CVE-2026-34461 Sandboxie-Plus SbieIniServer RunSbieCtrl stack buffer overflow allows local privilege escalation

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.3CVSS6.7AI score0.00172EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.13 views

PT-2026-37227

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID SBIE INI RUN SBIE CTRL message is processed before standard sandbox and impersonation checks. For callers not...

7.8CVSS6.5AI score0.00172EPSS
Exploits1References6
cnvd
cnvd
added 2015/10/15 12:0 a.m.7 views

Lenovo System Update Signature Validation Bypass Vulnerability

Lenovo System Update aka ThinkVantage System Update is a system update software from Lenovo. The service component of Lenovo System Update, SUService.exe, creates a named pipe to provide system update services to low-privileged processes.A security vulnerability in Lenovo System Update software...

7.5CVSS7.7AI score0.00586EPSS
Exploits0
Rows per page
Query Builder