CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility driver developed by Microsoft for Winsock. There is a resource management vulnerability present in the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit this vulnerability to gain elevated...

CVE-2026-1679

The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow eswifi-buf, corrupting kernel memory CWE-120. Exploit requires local code that can call the socket send API; no remote attacker can reach it directly...

EUVD-2026-9943

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

CVE-2026-26305 Mobility46 mobility46.se Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

EUVD-2015-4523

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2025-47792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user...

CVE-2025-47792

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

CVE-2025-47792

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...

CVE-2025-47792

Nextcloud Desktop prior to version 3.15 is affected: 3rd-party applications already installed on a user machine can create link shares for nearly all data through the socket API, enabling exfiltration to external services. The vulnerability’s impact is rated high for confidentiality and low for i...

3rdparty applications can create share links via socket API

None...

PT-2025-21658

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop versions prior to 3.15 Description: The issue affects Nextcloud Desktop, allowing 3rd party applications to create link shares for almost all data via the socket API. These shares can then be sent to an external service...

📄 Microsoft Windows 11 Pro 23H2 Privilege Escalation

Microsoft Windows version 11 Pro 23H2 Ancillary Function Driver for WinSock privilege escalation exploit. Exploit Title: Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Elevation of Privilege Date: 2025-05-05 Exploit Author: Milad Karimi Ex3ptionaL Contact:...

XSOverlay 安全漏洞

XSOverlay is a desktop overlay application for OpenVR by the individual developer Xiexe. A security vulnerability exists in XSOverlay that originates from sending malicious commands to the WebSocket API and can lead to arbitrary code execution...

VMware Fusion Virtual Machine Side Remote Code Execution Vulnerability

VMware Fusion is a virtual machine software for the Mac operating system from VMware. A remote code execution vulnerability exists on the virtual machine side of VMware Fusion, which can be exploited by an attacker to execute arbitrary code on all virtual machines with VMware Tools installed via...

openSUSE Security Update : seamonkey (openSUSE-2015-632)

seamonkey was updated to fix 25 security issues. These security issues were fixed : - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging 1 duplicate cache-key generation or 2 retrieval o...

openSUSE: Security Advisory for seamonkey (openSUSE-SU-2015:1681-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...