276237 matches found
PT-2026-7751
Name of the Vulnerable Software and Affected Versions macOS Sequoia versions 15.7.4 macOS Tahoe version 26.3 macOS Sonoma versions 14.8.4 Description A privacy issue existed where an application could potentially access sensitive user data. The issue was resolved with improved checks...
PT-2026-7531
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
Nsasoft Dnss Domain Name Search Software 安全漏洞
Nsasoft Dnss Domain Name Search Software is a domain name search and analysis tool developed by the American companyNsasoft. The software has a security vulnerability, which stems from a buffer overflow in the registration key field, potentially causing the application to crash...
PT-2026-7694
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application cras...
keylime-config-7.14.0+0-1.1 on GA media (moderate)
keylime-config-7.14.0+0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10165-1 Rating: moderate Cross-References: CVE-2026-1709 CVSS scores: CVE-2026-1709 SUSE : 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H CVE-2026-1709 SUSE : 8.8...
Malicious code in gpu-discovery (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ea1fffa4a4969c85232301df3c8d107642ac143fbf51600d166cfd2f8d536e10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-21355
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2026-21353
The CVE-2026-21353 issue affects DNG SDK versions 1.7.1 ≤ 2410 and earlier. The root cause is an Integer Overflow or Wraparound (CWE-190) in the SDK, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. ...
CVE-2026-21355
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2026-21358
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue...
CVE-2026-21314
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must...
CVE-2026-20841
Improper neutralization of special elements used in a command 'command injection' in Windows Notepad App allows an unauthorized attacker to execute code locally...
CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability
...
CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...
CVE-2026-21315 Audition | Out-of-bounds Read (CWE-125)
Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must ope...
CVE-2025-36522
Incorrect default permissions for some IntelR Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of...
CVE-2025-32092
Insecure inherited permissions for some IntelR Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege...
CVE-2025-22849
Incorrect default permissions for the IntelR OptaneTM PMem management software before versions CRMGMT01.00.00.3584, CRMGMT02.00.00.4052, CRMGMT03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined...
CVE-2025-36522
Incorrect default permissions for some IntelR Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of...
CVE-2025-36522
Summary of CVE-2025-36522: The affected component is Intel Chipset Software. The vulnerability arises from incorrect default permissions in Ring 3 user applications, potentially enabling privilege escalation. It requires a local attacker with an authenticated user and high attack complexity, with...