1032 matches found
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability
Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...
MCP Server Kubernetes has an Argument Injection in port_forward tool via space-splitting
Summary The portforward tool in mcp-server-kubernetes constructs a kubectl command as a string and splits it on spaces before passing to spawn. Unlike all other tools in the codebase which correctly use execFileSync"kubectl", argsArray, portforward uses string concatenation with user-controlled...
EUVD-2026-22505
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
EUVD-2026-22445
Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-32076
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-27907
Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-32076
CVE-2026-32076 describes an out-of-bounds read in the Windows Storage Spaces Controller that enables an authorized local attacker to elevate privileges. The vulnerability is tied to the Storage Spaces Controller component and is documented across multiple sources (NVD/NVD-affiliated listings, Red...
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-27907
CVE-2026-27907 is a Windows Storage Spaces Controller elevation-of-privilege vulnerability caused by an integer underflow. Exploitation would require local access with low privileges. Publicly available sources confirm the issue and that Microsoft released fixes (e.g., KB5082060 for Windows Serve...
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
PT-2026-32802
CVE-2026-32076 Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. https://t.co/6Pxw9igVaS...
Microsoft Windows Storage Spaces Controller 缓冲区错误漏洞
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a buffer error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...
Microsoft Windows Storage Spaces Controller 数字错误漏洞
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a numerical error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain higher privileges. The following...
PT-2026-32769
Name of the Vulnerable Software and Affected Versions Windows Storage Spaces Controller affected versions not specified Description An integer underflow wrap or wraparound occurs in the Windows Storage Spaces Controller, which allows an authorized attacker to elevate privileges locally...
CVE-2026-39983
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...