Lucene search
K

3322 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2025-13499

Open WebUI allows limited stored XSS vila uploaded html file...

6.3CVSS5.9AI score0.003EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

9.6CVSS6.4AI score0.00381EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free read flaw was discovered in the sockgetsockopt function in net/core/sock.c, due to race conditions involving SOPEERCRED and SOPEERGROUPS functions when used with listen and connect in the Linux kernel. In this flaw, an attacker with user privileges could potentially crash the...

6.8CVSS6.7AI score0.01747EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50492

Name of the Vulnerable Software and Affected Versions Pi versions prior to 0.79.0 Description Pi loaded project-local configuration and resources from a repository's .pi directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user ...

4.4CVSS6.3AI score0.00118EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50532

Name of the Vulnerable Software and Affected Versions Punto Switcher affected versions not specified Description An unquoted-path flaw allows the execution of attacker-placed code at the user's privilege level. This issue occurs during a call made by a signed Windows binary at launch, enabling...

8.5CVSS6.5AI score0.00149EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/06/16 2:21 a.m.8 views

SUSE CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal - a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. - can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References3
OSV
OSV
added 2026/06/12 8:16 p.m.7 views

DEBIAN-CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48968

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A flaw allows a program capable of writing bytes to the terminal—such as a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, or an issue body in a TUI—to...

7.8CVSS5.8AI score0.00164EPSS
Exploits1References5
Veracode
Veracode
added 2026/06/09 7:49 a.m.14 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-35076

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-35085

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...

8.8CVSS5.8AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35083

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root...

8.8CVSS5.8AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.14 views

CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.15 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.13 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS5.6AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.13 views

CVE-2026-35077

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS5.6AI score0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 1:22 p.m.9 views

EUVD-2019-20171

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46205

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References5
Rows per page
Query Builder