Vulnerabilidades CVE

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged...

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the...

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a deni...

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploite...

Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the ...

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerab...

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls comp...

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi...

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption...

An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in...

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to ...

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege w...

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on condit...

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, c...

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cau...

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional exe...

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd...

Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data exe...

Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions.

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege ...

In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is n...

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of thi...

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat...

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International...

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat...

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat...

In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa....

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary co...

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string wit...

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability m...

ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrar...

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary ...

In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution pr...

Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code ex...

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary c...

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure...

Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab.  This vulnerability may result in information disclosure or arbitrary code ex...