Lucene search
K

3755 matches found

Nuclei
Nuclei
added yesterday9 views

UniFi Network Application - Path Traversal

UniFi Network Application contains a path traversal vulnerability allowing a network attacker to access and manipulate files on the underlying system, potentially leading to account access, exploit requires network access. id: CVE-2026-22557 info: name: UniFi Network Application - Path Traversal...

10CVSS7.1AI score0.15601EPSS
Exploits3References4
CVE
CVE
added 4 days ago10 views

CVE-2026-54001

CVE-2026-54001 affects osquery on Windows prior to version 5.23.1. A local, unprivileged attacker can trigger a heap out-of-bounds write via the authenticode table by crafting a malicious binary query, due to publisher information parsing in getOriginalProgramName. Successful exploitation could e...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
CVE
CVE
added 5 days ago11 views

CVE-2026-47830

CVE-2026-47830 affects bosh-windows-stemcell-builder (Cloud Foundry Foundation). The issue is Incorrect Permission Assignment in BOSH.Utils.psm1 that lets low-privileged authenticated users overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, enabling them to gain NT AUTHORITY\SYSTEM ...

8.8CVSS7.2AI score0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-47830

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-47830 Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00115EPSS
Exploits0References2Affected Software2
Cloud Foundry
Cloud Foundry
added 6 days ago5 views

CVE-2026-47830 - Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite | Cloud Foundry

High CVSSv4: High 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-windows-stemcell-builder – All versions prior to...

8.8CVSS6AI score0.001EPSS
Exploits0
RedHat Linux
RedHat Linux
added last week5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/06 1:10 p.m.5 views

EUVD-2026-41874

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 12:31 a.m.7 views

EUVD-2026-41460

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and...

7.3CVSS5.8AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:7 p.m.10 views

CVE-2026-13079

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and...

7.3CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 11:7 p.m.30 views

CVE-2026-13079

CVE-2026-13079 describes a local privilege escalation in the WatchGuard Mobile VPN with SSL client for Windows . The issue allows a local attacker to escalate to NT AUTHORITY\SYSTEM on the machine hosting the Windows client. Affected scope includes the Windows client versions up to and including ...

7.8CVSS5.8AI score0.00114EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 3:16 p.m.7 views

CVE-2026-12168

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

7.8CVSS0.0013EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55230

Name of the Vulnerable Software and Affected Versions Little Orbit GFAC affected versions not specified Description Improper validation and a NULL pointer dereference a condition where the software attempts to read from a memory address that is null, leading to a crash in the GFAC Sys x64.sys...

7.8CVSS6.3AI score0.0013EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 4:16 p.m.8 views

CVE-2026-58126

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS0.00963EPSS
Exploits1References3
CVE
CVE
added 2026/07/01 2:41 p.m.19 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 (PacsgearMediaServerEngine.dll) with ObjectURIs RemoteObj and UIRemoteObj and no authentication. An unauthenticated attacker can exploit MarshalByRefObject unmarshalling and implement .NET WebClient methods to read/write ...

9.8CVSS6.5AI score0.00985EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/01 2:39 p.m.18 views

CVE-2026-58126

PACSgear PACS Scan 5.2.1 is affected by an unauthenticated remote code execution through an exposed .NET Remoting TCP service (port 22222). The vulnerability chain starts with PGImageExchQueue.exe allowing arbitrary file read/write via the service, which can be leveraged with DLL hijacking in PGI...

9.8CVSS6.5AI score0.00963EPSS
Exploits1References3Affected Software1
The Hacker News
The Hacker News
added 2026/07/01 12:59 p.m.25 views

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both...

8.8CVSS7.2AI score0.99735EPSS
Exploits9
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-331 excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

9.4CVSS6AI score0.00391EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.9 views

CVE-2026-44022

A flaw was found in Docling, a tool for document processing. The LaTeX backend, responsible for handling commands like \includegraphics, \input, and \include, lacked proper validation for file paths. This vulnerability allows an attacker to craft a malicious LaTeX document containing path travers...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References5
Rows per page
Query Builder