636 matches found
CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...
CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...
EUVD-2026-13750
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...
CVE-2026-32310
** vulnerability overview \n\nCryptomator prior to 1.19.1 parses vault configuration before verifying its integrity, and the masterkeyfile loader uses an unverified keyId as a filesystem path. The code resolves keyId.getSchemeSpecificPart() against the vault path and immediately checks existence,...
CVE-2026-24283
CVE-2026-24283 involves a local elevation-of-privilege in the UNC Provider Kernel Driver. The vulnerability is rated HIGH with CVSS 3.1: 8.8, impacting confidentiality, integrity, and availability at HIGH levels, exploitable with LOCAL attack vector and LOW complexity, requiring LOW privileges an...
CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...
CVE-2026-27615
CVE-2026-27615 affects ADB Explorer for Windows prior to Beta 0.9.26022. The vulnerability arises when ManualAdbPath is set to a UNC path, enabling an attacker to point the ADB binary to a remote, attacker-controlled network resource. If a user runs a shortcut that points to a crafted App.txt set...
CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...
PT-2026-21842
Name of the Vulnerable Software and Affected Versions ADB Explorer versions prior to Beta 0.9.26022 Description ADB Explorer, a fluent UI for ADB on Windows, allows manipulation of the ManualAdbPath settings variable. This variable defines the path to the ADB binary. Setting this variable to a...
CVE-2026-26333
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...
PT-2026-8030
Name of the Vulnerable Software and Affected Versions Calero VeraSMART versions prior to 2022 R1 Description An unauthenticated .NET Remoting HTTP service is exposed on TCP port 8001 in affected versions. The service publishes default ObjectURIs, including EndeavorServer.rem and...
📄 Microsoft Windows 10 / 11 NTLM Hash Disclosure Spoofing
Microsoft Windows 10 / 11 proof of concept exploit that generates a .library-ms XML file pointing to a network share UNC. When opened/imported on Windows, the library points to the specified UNC path. Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing Date: 2025-10-06 Exploit Author:...
windows 10/11 - NTLM Hash Disclosure Spoofing
Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.microsoft.com Software Link: N/A Version: Not applicable this is a generic Windows library file behavior Tested on: Windows 10 x64 / Windows 11 x64 lab...
CVE-2026-25067
SmarterTools SmarterMail before build 9518 is affected by an unauthenticated path coercion in the background-of-the-day preview endpoint. The flaw stems from base64-decoding attacker-supplied input and using it as a filesystem path without validation, which on Windows can resolve UNC paths and tr...
CVE-2023-50916
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...
curl: File URL UNC Path Access (Windows SSRF)
Vulnerability Details - CVSSv3: 7.5 High - Windows only - File: lib/urlapi.c:974-1030 - Issue: Windows file:// URLs accept UNC paths to remote servers - Impact: SSRF, unauthorized network file access, credential theft Vulnerable Code c // lib/urlapi.c:974-1030 ifptr0 != '/' &&...
CVE-2025-59775
Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...
UBUNTU-CVE-2025-59775
NTLM Leakage on Windows through UNC SSRF...
PT-2025-48076
Name of the Vulnerable Software and Affected Versions UnForm Server versions prior to 10.1.15 Description UnForm Server versions prior to 10.1.15 have an unauthenticated arbitrary file read and SMB coercion issue in the Doc Flow feature’s arc endpoint. The Doc Flow module uses the arc handler to...
CVE-2025-30201
CVE-2025-30201 affects Wazuh Agent prior to version 4.13.0. The vulnerability allows authenticated attackers to force NTLM authentication through crafted UNC paths in various agent configuration settings, enabling NTLM relay attacks that could lead to privilege escalation and remote code executio...