Total
1626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9514 | 1 Atlassian | 1 Bamboo | 2026-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | |||||
| CVE-2017-0352 | 1 Nvidia | 1 Gpu Driver | 2026-05-13 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges | |||||
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||||
| CVE-2017-15611 | 1 Octopus | 1 Octopus Deploy | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | |||||
| CVE-2017-0845 | 1 Google | 1 Android | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. | |||||
| CVE-2017-6950 | 1 Sap | 1 Gui For Windows | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via a crafted ABAP code, aka SAP Security Note 2407616. | |||||
| CVE-2017-9792 | 1 Apache | 1 Impala | 2026-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external. | |||||
| CVE-2017-1000134 | 1 Mahara | 1 Mahara | 2026-05-13 | 6.5 MEDIUM | 8.1 HIGH |
| Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | |||||
| CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2026-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-1266 | 1 Ibm | 1 Security Guardium | 2026-05-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | |||||
| CVE-2017-0601 | 1 Google | 1 Android | 2026-05-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579. | |||||
| CVE-2026-7431 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2026-05-12 | N/A | 4.4 MEDIUM |
| An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section. | |||||
| CVE-2026-8110 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | N/A | 7.8 HIGH |
| Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2026-41686 | 1 Anthropic | 1 Claude Sdk For Typescript | 2026-05-12 | N/A | 4.4 MEDIUM |
| Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (0o666 for files, 0o777 for directories), leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read persisted agent state, and in containerized deployments could modify memory files to influence subsequent model behavior. This issue has been patched in version 0.91.1. | |||||
| CVE-2026-42812 | 1 Apache | 1 Polaris | 2026-05-12 | N/A | 9.9 CRITICAL |
| In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a Polaris-managed catalog, changing only that property through an `ALTER TABLE`-style settings change (not a row-level `INSERT`, `SELECT`, `UPDATE`, or `DELETE`) bypasses the commit-time branch that is supposed to revalidate storage locations. The full persisted / credential-vending variant requires the affected catalog to have `polaris.config.allow.unstructured.table.location=true`, with `allowedLocations` broad enough to include the attacker-chosen target. `allowedLocations` is the admin-configured allowlist of storage paths that the catalog is allowed to use. Public project materials suggest that this flag is a real supported compatibility / layout mode, not just a contrived lab-only prerequisite. In that configuration, a user who can change table settings can cause Apache Polaris itself to write new table metadata to an attacker-chosen reachable storage location before the intended location-validation branch runs. If the later concrete-path validation also accepts that location, Polaris persists the resulting metadata path into stored table state. Later table-load and credential APIs can then return temporary cloud-storage credentials for the same location without revalidating it. In plain terms, Polaris can later hand out temporary storage access for the same attacker-chosen area. That attacker-chosen area does not need to be limited to the poisoned table's own files. If it is a broader storage prefix, another table's prefix, or, depending on configuration or provider behavior, even a bucket/container root, the resulting disclosure or corruption scope can extend to any data and metadata Polaris can reach there. The practical consequences are therefore similar to the staged-create credential-vending issue already discussed: data and metadata reachable in that storage scope can be exposed and, if write-capable credentials are later issued, modified, corrupted, or removed. Even before that later credential step, Polaris itself performs the metadata write to the unchecked location. So the core issue is not only later credential vending. The primary defect is that Polaris skips its intended location checks before performing a security- sensitive metadata write when only `write.metadata.path` changes. When `polaris.config.allow.unstructured.table.location=false`, current code review suggests the later `updateTableLike(...)` validation usually rejects out-of-tree metadata locations before the unsafe path is persisted. That may reduce the persisted / credential-vending variant, but it does not prevent the underlying defect: Polaris still skips the intended pre-write location check when only `write.metadata.path` changes. | |||||
| CVE-2026-41288 | 1 Watchguard | 1 Agent | 2026-05-11 | N/A | 7.8 HIGH |
| Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM. | |||||
| CVE-2026-8069 | 2026-05-08 | N/A | N/A | ||
| PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges. | |||||
| CVE-2026-3315 | 2 Assaabloy, Microsoft | 2 Visionline, Windows | 2026-05-07 | N/A | 7.8 HIGH |
| Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33. | |||||
| CVE-2026-6499 | 2026-05-05 | N/A | N/A | ||
| Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5. | |||||
| CVE-2026-6386 | 1 Freebsd | 1 Freebsd | 2026-05-01 | N/A | 6.2 MEDIUM |
| In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it would always treat a page directory page entry as pointing to another page table page. The bug can be abused by an unprivileged user to cause pmap_pkru_update_range() to treat userspace memory as a page table page, and thus overwrite memory to which the application would otherwise not have access. | |||||