Lucene search
K

546 matches found

NVD
NVD
added yesterday2 views

CVE-2026-50418

Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally...

5.1CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-50326 Windows Unified Consent System Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-50318 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

...

7.8CVSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday7 views

Windows System Secure Feature Bypass Vulnerability

Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally...

5.1CVSS6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.41 views

CVE-2026-11636

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

0.00222EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/04 11:5 p.m.10 views

CVE-2026-11147

Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.00354EPSS
Exploits0
NVD
NVD
added 2026/06/02 10:16 p.m.25 views

CVE-2021-4480

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

8.3CVSS0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 2:6 a.m.25 views

EUVD-2026-30498

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...

9.3CVSS5.9AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40971

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A flaw in the software installer pipeline allows a crafted software package to execute arbitrary commands as root on macOS and Linux, or as SYSTEM on Windows, when an uninstall is triggered. When...

9.8CVSS6.2AI score0.00773EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.18 views

Palo Alto GlobalProtect App 6.0.x < 6.0.13 / 6.2.x < 6.2.8-h10 / 6.3.x < 6.3.3-h9 Multiple Vulnerabilities

The version of Palo Alto GlobalProtect App installed on the remote host is 6.0.x prior to 6.0.13, 6.2.x prior to 6.2.8-h10, or 6.3.x prior to 6.3.3-h9. It is, therefore, affected by multiple vulnerabilities: - A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that...

8.5CVSS7.7AI score0.00208EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:51 p.m.7 views

CVE-2026-0246

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code an...

8.5CVSS6.1AI score0.00144EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:20 p.m.15 views

CVE-2026-0251

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative...

6.1AI score0.00155EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40752

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Multiple local privilege escalation issues in the GlobalProtect app allow a local user to elevate their privileges to NT AUTHORITYSYSTEM on Windows and root on...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:38 p.m.4 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

5.4CVSS5.7AI score0.00108EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/17 11:16 a.m.8 views

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

6.9CVSS0.00426EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 10:45 a.m.9 views

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, with ACLs configured incorrectly. This can allow an attacker to communicate with the stream and upload XML or JSON files, which are processed by the named pipe under the service user’s privileges,...

6.9CVSS5.7AI score0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 10:42 p.m.2 views

CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

7.1CVSS6.2AI score0.00607EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/14 6:30 p.m.5 views

EUVD-2026-22617

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.01248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 4:57 p.m.4 views

CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability

...

6.8CVSS5.8AI score0.00522EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.164 views

HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

6AI score
Exploits0
Rows per page
Query Builder