CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-20106 Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalati... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-36522 Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversa... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-9907 A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-22849 Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-1585 An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the ... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-9909 A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//)... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-13818 Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | 6.7 | MEDIUM | — | 0 |
| CVE-2026-26972 OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20099 A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform ... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-9908 A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructu... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-36511 Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an au... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-27653 The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges. | 6.7 | MEDIUM | — | 0 |
| CVE-2026-24777 OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for ... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-47337 Memory corruption while accessing a synchronization object during concurrent operations. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14614 Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20805 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-59888 Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has be... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20786 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14625 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows ... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20804 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-47336 Memory corruption while performing sensor register read operations. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-69257 theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-47335 Memory corruption while parsing clock configuration data for a specific hardware type. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20785 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20876 Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-36192 IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW up... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20968 Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14612 Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14605 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14599 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. Th... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14596 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-47344 Memory corruption while handling sensor utility operations. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-47334 Memory corruption while processing shared command buffer packet between camera userspace and kernel. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20803 In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interact... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20784 In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User inter... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20802 In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interac... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20787 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20806 In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction i... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20782 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20783 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-20807 In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User intera... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-47332 Memory corruption while processing a config call from userspace. | 6.7 | MEDIUM | — | 0 |
| CVE-2026-22596 Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authent... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-0027 In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User int... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-23651 Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20436 In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System pri... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-29608 OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the work... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20440 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-48418 A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnal... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20428 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.