Lucene search
+L

289 matches found

NVD
NVD
added yesterday3 views

CVE-2019-25764

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2019-25764

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS0.0009EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 9:16 p.m.5 views

CVE-2026-55881

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.41 views

CVE-2026-12408 Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS0.00257EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 8:16 a.m.9 views

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 7:3 a.m.23 views

CVE-2026-56129

CVE-2026-56129 concerns a vulnerability in a Generic IO & Memory Access driver for PCs from Toshiba Corporation and Dynabook Inc. that exposes its IOCTL with insufficient access control. The flaw enables a logged-in user with no administrative privilege to access physical memory through the drive...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:8 p.m.4 views

CVE-2026-48616

Rocket.Chat versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rcroomtype=l with rcrid+rctoken, but the authorization path does not verify...

9.3CVSS7.2AI score0.00304EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-9789

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS5.6AI score0.00152EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 9:16 a.m.15 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Redline WR3200 安全漏洞

The Redline WR3200 is a Wi-Fi 4 router from the Turkish company Redline, capable of supporting 300Mbps wireless transmission. The Redline WR3200 versions from 7.1.3 to 7.1.8 have security vulnerabilities. These vulnerabilities stem from improper authentication, lack of authentication for critical...

9.8CVSS5.4AI score0.0046EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 3:16 a.m.21 views

CVE-2026-9789

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS0.00152EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 2:39 a.m.37 views

CVE-2026-9789

The CVE-2026-9789 entry describes a Local Privilege Escalation affecting Acer NitroSense software prior to 3.01.3052. The root cause is a PSAdminAgent service that creates a Named Pipe with a weak ACL, allowing any authenticated local user to connect and issue commands. The service does not verif...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 2:39 a.m.8 views

CVE-2026-9789 NitroSense V3: Security Vulnerability Information

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 2:39 a.m.38 views

CVE-2026-9789 NitroSense V3: Security Vulnerability Information

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS0.00152EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 2:39 a.m.14 views

EUVD-2026-32700

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:39 a.m.13 views

CVE-2026-9789

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Acer NitroSense 安全漏洞

Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44171

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References2
HackRead
HackRead
added 2026/05/07 11:36 a.m.32 views

Why Outdated Maintenance Software Is a Growing Ransomware Risk

Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

HCL BigFix Service Management 日志信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to log information leakage. This vulnerability stems from ineffective access control, which may lead to unauthoriz...

8.3CVSS5.8AI score0.00248EPSS
Exploits0References1
Rows per page
Query Builder