Lucene search
K

611 matches found

Cvelist
Cvelist
added 2026/07/05 9:45 a.m.38 views

CVE-2026-14736 Ruijie RG-UAC user_auth_commit.php unrestricted upload

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file userauthcommit.php. Performing a manipulation of the argument uploadimage results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS0.00452EPSS
Exploits0References5
CVE
CVE
added 2026/07/05 9:45 a.m.22 views

CVE-2026-14736

Ruijie RG-UAC up to version 1.0-R1.8.2.p5 contains a vulnerability in an unknown function of file user_auth_commit.php. Manipulating the upload_image argument allows unrestricted file upload, enabling remote exploitation. The vulnerability is publicly disclosed and could be used by attackers. No ...

7.5CVSS6.6AI score0.00452EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/05 9:45 a.m.7 views

CVE-2026-14736

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file userauthcommit.php. Performing a manipulation of the argument uploadimage results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS6.6AI score0.00452EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/05 9:45 a.m.7 views

EUVD-2026-41744

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file userauthcommit.php. Performing a manipulation of the argument uploadimage results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS6.6AI score0.00452EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.15 views

CVE-2026-46018

ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES...

5.8AI score0.00177EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/04/20 12:0 a.m.89 views

📄 Remote Sunrise Helper for Windows 2026.14 UAC Bypass

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated UAC bypass vulnerability that enables remote code execution via /api/executeScript. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UAC Bypass Elevated CMD Date:...

6.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/14 12:45 p.m.101 views

Windows-privilege-exploits

Elevation !Windowshttps://img.shields.io/badge/platform-Wi...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/08 9:35 p.m.8 views

CVE-2026-40032 UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution

UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the runcommand function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...

8.5CVSS6AI score0.00726EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/31 6:31 p.m.3 views

EUVD-2026-17476

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...

4.7CVSS6.4AI score0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 3:30 p.m.3 views

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...

4.7CVSS6.4AI score0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 3:30 p.m.3 views

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...

4.7CVSS6.4AI score0.00177EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.13 views

SUSE CVE-2026-23318

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...

5.5CVSS5.7AI score0.00132EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23318

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UACVERSION2, while it should have been UACVERSION3. This...

7.1CVSS5.7AI score0.00132EPSS
Exploits0References8
OSV
OSV
added 2026/03/03 8:16 p.m.5 views

CVE-2024-55027

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uactemp.db...

7.5CVSS5.7AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.3 views

CVE-2024-55027

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uactemp.db...

5.9AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.4 views

CVE-2024-55027

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uactemp.db...

5.9AI score0.00215EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/02/24 2:21 p.m.12 views

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/22 6:24 p.m.10 views

CVE-2026-23755

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...

8.4CVSS5.8AI score0.00141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.9 views

PT-2026-3843

D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious...

8.4CVSS5.8AI score0.00141EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/01/05 5:56 p.m.14 views

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intensity intelligence gathering activities again...

6.8AI score
Exploits0
Rows per page
Query Builder