Lucene search
K

3195 matches found

NVD
NVD
added yesterday7 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS0.00113EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-57239

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS6AI score0.00113EPSS
Exploits0References2Affected Software2
CVE
CVE
added yesterday8 views

CVE-2026-57239

Foxit CVE-2026-57239 is a Local Privilege Escalation in Foxit PDF Editor/Reader where user‑controllable executables can be directly executed by high‑privilege processes, enabling a low‑privilege user to escalate to NT AUTHORITY\SYSTEM. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector, LOW ...

8.2CVSS6AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-57239 Foxit PDF Editor/Reader Local Privilege Escalation

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...

8.2CVSS0.00113EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS6AI score0.00286EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2 days ago17 views

CVE-2026-46672

The CVE-2026-46672 entry describes a local CSV formula-injection flaw in the @actual-app/cli before version 26.6.0. The CLI uses a hand-rolled CSV serializer in packages/cli/src/output.ts with an escapeCsv that only neutralizes RFC 4180 delimiters (comma, quote, newline) and does not neutralize c...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2 days ago5 views

GO-2026-5909 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder...

8.7CVSS5.9AI score0.00516EPSS
Exploits0References2
NVD
NVD
added 2 days ago9 views

CVE-2026-5799

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-5730

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-42015

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-5799

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-5799 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-5799

CVE-2026-5799 is an IDOR in Idvlabs’ Ontime affecting versions up to 04052026, caused by a user-controlled key that enables an authorization bypass. The vulnerability allows exploitation of trusted identifiers and is rated CVSSv3.1 = 7.5 (HIGH) with network attack vector, low attack complexity, n...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-5730 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-5730

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2 days ago3 views

Langflow Authorization Bypass Through User-Controlled Key Vulnerability

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request...

8.4CVSS6AI score0.00438EPSS
In wildExploits2
Snyk
Snyk
added 4 days ago6 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-54424

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...

8.4CVSS6AI score0.00245EPSS
Exploits1References5
Snyk
Snyk
added 6 days ago4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Rows per page
Query Builder