217644 matches found
CVE-2026-63093
Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
CVE-2026-15379
CVE-2026-15379 : The Altiris WMI provider exposes the AltirisAgent_Stream class, allowing any local standard user to read files accessible to the SYSTEM context, bypassing filesystem ACLs. The provider uses LocalSystem context for WMI queries without re-impersonating the caller, enabling read acc...
Gradio - Absolute Path Traversal
Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
LOLLMS WebUI - Absolute Path Traversal
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
Apache OFBiz - Remote Code Execution
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45507 info: name: Apache OFBiz -...
EasySpider 0.6.2 - Arbitrary File Read
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0. id: CVE-2024-6911 info: name: PerkinElmer ProcessPlus = 1.11.6507.0 - Local File Inclusion author:...
WebIQ 2.15.9 - Directory Traversal
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. id: CVE-2024-8752 info: name: WebIQ 2.15.9 - Directory Traversal author: s4e-io severity: high description: | The Windows version of WebIQ 2.15.9 is...
Academy LMS 6.2 - Cross-Site Scripting
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Splunk Enterprise - Local File Inclusion
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. id: CVE-2024-36991 info: name: Splunk...
CVE-2026-40106
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards or...
CVE-2026-40106 Wazuh: Heap-based Buffer Overflow in syscheck Registry Wildcard Expansion (LPE / DoS)
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards or...
CVE-2026-40106
Summary: CVE-2026-40106 affects the Windows agent of Wazuh (versions 4.6.0–pre-4.14.5). A heap-based buffer overflow occurs in the syscheck component during registry wildcard expansion. The code allocates a fixed 256-byte heap buffer (OS_SIZE_256); creating a registry subkey of maximum length (25...
CVE-2026-59117
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network...
CVE-2026-58643
Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...