Lucene search
+L

11545 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44670

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...

9.3CVSS6.1AI score0.00305EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago9 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00476EPSS
Exploits0References6
NVD
NVD
added 5 days ago3 views

CVE-2026-50356

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally...

7CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-49784

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally...

7CVSS0.00156EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-49165

Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally...

7.1CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-42900

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows App Store allows an unauthorized attacker to elevate privileges over a network...

8.1CVSS0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago23 views

CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability

...

7CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-50356

CVE-2026-50356 describes a race-condition in Microsoft Windows App Store caused by concurrent execution using a shared resource with improper synchronization. This allows a locally authenticated attacker to elevate privileges. The fixed details or patch versions are not provided in the connected ...

7CVSS6.1AI score0.00153EPSS
Exploits0References1Affected Software11
Vulnrichment
Vulnrichment
added 5 days ago6 views

CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability

...

7CVSS6.1AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago24 views

CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability

...

7CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 5 days ago6 views

CVE-2026-49784

Summary: CVE-2026-49784 describes a race condition in the Microsoft Windows App Store caused by concurrent access to a shared resource with improper synchronization. The vulnerability allows an authorized local attacker to elevate privileges. The reported CVSS v3.1 vector is AV:L/AC:H/PR:L/UI:N/S...

7CVSS6.1AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 5 days ago5 views

CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability

...

7CVSS6.1AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-49165

The CVE-2026-49165 entry concerns the Microsoft Windows App Store. The connected sources confirm that the vulnerability arises from use of an uninitialized resource, enabling an authorized local attacker to disclose information. Impact is information disclosure with local access; CVSS 3.1 factors...

7.1CVSS6AI score0.00243EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 5 days ago25 views

CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability

...

7.1CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 5 days ago6 views

CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability

...

7.1CVSS6.1AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability

...

8.1CVSS0.00389EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-42900

The CVE-2026-42900 entry concerns a race condition caused by improper synchronization in the Windows App Store. Reported impact is privilege elevation over a network, implying an unauthorized attacker could exploit a timing-related flaw to escalate access. Documents consistently describe a concur...

8.1CVSS6.2AI score0.00389EPSS
Exploits0References1Affected Software11
Vulnrichment
Vulnrichment
added 5 days ago4 views

CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability

...

8.1CVSS6.1AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...

3.3CVSS0.00146EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-52839

Easy!Appointments versions before 1.6.0 allow cross-provider appointment injection via unauthorized use of the store and update endpoints. The vulnerability arises because store/update do not verify that id_users_provider belongs to the current session, enabling a provider to add or reassign appo...

3.3CVSS6.1AI score0.00146EPSS
Exploits0References2
Rows per page
Query Builder