
60404 matches found

NVD
added 2026/03/26 11:16 a.m., 4 views

CVE-2026-24068

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVSS 8.8 | EPSS 0.00449
Exploits: 1 | References: 2

CVE
added 2026/03/26 10:55 a.m., 8 views

CVE-2026-24068

The CVE-2026-24068 issue affects Vienna Assistant (MacOS) via the VSL privileged helper that uses NSXPC for IPC. The core problem is that shouldAcceptNewConnection does not validate clients, allowing any process to connect and invoke HelperToolProtocol functions, notably writeReceiptFile and runU...

CVSS 8.8 | AI score 5.9 | EPSS 0.00449
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/26 10:55 a.m., 1 view

CVE-2026-24068 Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

AI score 5.9 | EPSS 0.00449
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/26 10:55 a.m., 2 views

CVE-2026-24068

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVSS 8.8 | AI score 5.9 | EPSS 0.00449
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/03/26 9:17 a.m., 4 views

CVE-2026-34085

A flaw was found in fontconfig. This vulnerability, an off-by-one error in how fontconfig handles font capabilities, could allow a local attacker to cause a one-byte out-of-bounds write. This issue may lead to a system crash, resulting in a Denial of Service (DoS), or potentially enable the attacke...

CVSS 6.6 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 6

Snyk
added 2026/03/26 8:19 a.m., 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via FileHandle.chmod or FileHandle.chown functions which can use a "read-only" file descriptor to change the owner and permissions of a file. Notes: - This is only exploitable for users using the experimental...

CVSS 4.4 | AI score 6.6 | EPSS 0.00395
Exploits: 0 | References: 2

Microsoft CVE
added 2026/03/26 8:5 a.m., 7 views

net: annotate data-races around sk->sk_{data_ready,write_space}

...

CVSS 7.1 | AI score 5.8 | EPSS 0.00089
Exploits: 0

Microsoft CVE
added 2026/03/26 8:2 a.m., 7 views

bpf: Fix stack-out-of-bounds write in devmap

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0

Microsoft CVE
added 2026/03/26 8:1 a.m., 4 views

wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

...

CVSS 7.1 | AI score 5.8 | EPSS 0.00126
Exploits: 0

EUVD
added 2026/03/26 6:30 a.m., 3 views

EUVD-2026-16096

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

CVSS 7 | AI score 6.8 | EPSS 0.00174
Exploits: 0 | References: 3

Cvelist
added 2026/03/26 4:18 a.m., 26 views

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

CVSS 7 | EPSS 0.00174
Exploits: 0 | References: 2

SUSE CVE
added 2026/03/26 12:24 a.m., 2 views

SUSE CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

CVSS 7.8 | AI score 5.9 | EPSS 0.00125
Exploits: 0 | References: 3

CNVD
added 2026/03/26 12:0 a.m., 4 views

Canva Affinity Out-of-Bounds Write Vulnerability

Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code using a specially crafted EMF file...

CVSS 7.8 | AI score 6.3 | EPSS 0.00269
Exploits: 1

Positive Technologies
added 2026/03/26 12:0 a.m., 9 views

PT-2026-28337

Name of the Vulnerable Software and Affected Versions: Vienna Assistant (affected versions not specified). Description: The Vienna Assistant privileged helper utilizes NSXPC for Inter-Process Communication (IPC). The implementation of the shouldAcceptNewConnection function, used by the NSXPC framework t...

CVSS 8.8 | AI score 6 | EPSS 0.00449
Exploits: 1 | References: 4

Tenable Nessus
added 2026/03/26 12:0 a.m., 3 views

SUSE SLES15 Security Update : kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:0997-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0997-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes various security issues. The following security issues were fixed: ...

CVSS 7.1 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 28

CNNVD
added 2026/03/26 12:0 a.m., 7 views

GREEN HOUSE Digital Photo Frame Security Vulnerability

GREEN HOUSE Digital Photo Frame is an electronic photo frame device produced by the Japanese company GREEN HOUSE. The GREEN HOUSE Digital Photo Frame GH-WDF10A has a security vulnerability. This vulnerability stems from active debugging code, which may allow reading or writing file configurations...

CVSS 7 | AI score 6.8 | EPSS 0.00174
Exploits: 0 | References: 2

CNNVD
added 2026/03/26 12:0 a.m., 6 views

Incus Security Vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the pongo2 template in instance template files, which bypassed the chroot isolation mechanism, potentially allowing...

CVSS 9.9 | AI score 5.9 | EPSS 0.00481
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/26 12:0 a.m., 12 views

PT-2026-28360

Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack. Before version 2026.02.0, the ISO15118 chargerImpl::handle session setup function copies a variable-length payment options list into a fixed-size array o...

CVSS 6.9 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 4

CNNVD
added 2026/03/26 12:0 a.m., 6 views

godoxy Path Traversal Vulnerability

Godoxy is a lightweight reverse proxy tool developed by Yuzerion’s individual developers. Versions of Godoxy prior to 0.27.5 contained a path traversal vulnerability. This vulnerability stemmed from the file content API endpoint’s lack of protection against path traversal, potentially allowing...

CVSS 6.5 | AI score 6.5 | EPSS 0.00502
Exploits: 1 | References: 3

CNNVD
added 2026/03/26 12:0 a.m., 7 views

Zoraxy Path Traversal Vulnerability

Zoraxy is a general-purpose HTTP reverse proxy and forwarding tool developed by Toby Chui. Versions of Zoraxy prior to 3.3.2 contained a path traversal vulnerability. This vulnerability stemmed from the configuration import endpoint allowing authenticated path traversal, which could lead to...

CVSS 8.8 | AI score 6.8 | EPSS 0.00434
Exploits: 1 | References: 3