|
931
|
- |
|
-
|
-
|
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with a…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20714
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
- |
|
-
|
-
|
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-20767
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
New
|
CWE-93
CRLF Injection
|
CVE-2026-35504
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
8.2 |
HIGH
Adjacent
|
-
|
-
|
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-26289
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
5.7 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-33570
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-35555
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
7.8 |
HIGH
Local
|
-
|
-
|
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-8108
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
- |
|
-
|
-
|
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.
New
|
-
|
CVE-2026-37430
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper aut…
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31215
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentica…
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31216
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
