Export limit exceeded: 361510 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2560 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0268 | 1 Palo Alto Networks | 1 Prisma Access Agent | 2026-06-11 | N/A |
| A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS. | ||||
| CVE-2026-47648 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7 High |
| Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-8637 | 1 Lenovo | 1 Lanschool Classic | 2026-06-10 | 7.8 High |
| A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges. | ||||
| CVE-2026-24064 | 1 Waves Audio | 1 Waves Central | 2026-06-10 | 7.8 High |
| Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2. | ||||
| CVE-2024-43616 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2026-06-09 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-43576 | 1 Microsoft | 3 365 Apps, Office 2024, Office Long Term Servicing Channel | 2026-06-09 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2026-11400 | 1 Aws | 1 Aws Advanced Jdbc Wrapper | 2026-06-09 | 8 High |
| An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1. | ||||
| CVE-2026-36574 | 1 Wassimulator | 1 Cactusviewer | 2026-06-08 | 7.8 High |
| A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | ||||
| CVE-2026-11401 | 1 Aws | 1 Aws Advanced Go Wrapper | 2026-06-08 | 8 High |
| An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26 | ||||
| CVE-2026-28704 | 2 Japan Computer Emergency Response Team Coordination Center (jpcert/cc), Jpcert | 2 Emocheck, Emocheck | 2026-06-08 | N/A |
| Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck. | ||||
| CVE-2026-41567 | 1 Moby | 1 Moby | 2026-06-05 | 7.2 High |
| Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images | ||||
| CVE-2026-50033 | 1 Acronis | 1 Acronis Devicelock Dlp | 2026-06-04 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | ||||
| CVE-2026-44682 | 1 Acronis | 1 Acronis Devicelock Dlp | 2026-06-04 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | ||||
| CVE-2026-44609 | 1 Acronis | 1 Acronis Devicelock Dlp | 2026-06-04 | N/A |
| Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | ||||
| CVE-2025-14018 | 2026-06-04 | 7.3 High | ||
| Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affects e-Fatura: before 1.2.15. | ||||
| CVE-2026-44477 | 2 Cloudnative-pg, Linuxfoundation | 2 Cloudnative-pg, Cloudnativepg | 2026-06-03 | 9.9 Critical |
| CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3. | ||||
| CVE-2026-3198 | 2 Lfprojects, Mlflow | 2 Mlflow, Mlflow/mlflow | 2026-06-03 | 6.5 Medium |
| MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlflow/server/auth/__init__.py` does not include entries for `ListGatewaySecretInfos`, `ListGatewayEndpoints`, and `ListGatewayModelDefinitions`. This allows any authenticated user, regardless of their assigned permissions, to enumerate all gateway secrets, endpoints, and model definitions. This vulnerability exposes sensitive information, such as API keys, endpoint configurations, and proprietary model definitions, to unauthorized users. | ||||
| CVE-2026-30906 | 1 Zoom | 1 Rooms | 2026-06-03 | 7.8 High |
| Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2026-49299 | 1 Openstack | 1 Neutron | 2026-06-02 | 4.3 Medium |
| In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. Deployments running Neutron 26.0.0 or later are affected. | ||||
| CVE-2026-47092 | 1 Jarrodwatts | 2 Claude-hud, Claude Hud | 2026-06-02 | 7.8 High |
| Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version check, causing execFile() to execute the attacker-supplied executable with cmd.exe arguments, resulting in arbitrary code execution on Windows systems. | ||||