Aggregator
Connecting the Dots: PrivHound Transforms Windows Local Privilege Escalation into an Explorable Graph
6 hours 18 minutes ago
PrivHound: Local Privilege Escalation, as a Graph. A BloodHound OpenGraph collector that models Windows local privilege escalation as
The post Connecting the Dots: PrivHound Transforms Windows Local Privilege Escalation into an Explorable Graph appeared first on Penetration Testing Tools.
ddos
CVE-2024-23296
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 11 - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have ...
CVE-2024-23225
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 11 - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a ...
CVE-2025-13350
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 1 - Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don't call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two ...
CVE-2025-38617
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 8 - In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier()
When packet_set_ring() releases po->bind_lock, another thread can
run packet_notifier() and process an NETDEV_UP event.
This race and the fix ...
CVE-2025-36911
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 1 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for ...
CVE-2025-43529
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 7 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to ...
CVE-2025-14174
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 7 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-50629
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 11 - Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files ...
CVE-2025-38352
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can ...
CVE-2024-46982
8 hours 33 minutes ago
Currently trending CVE - Hype Score: 7 - Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent ...
CVE-2026-28342 | OliveTin PasswordHash API Endpoint resource consumption
10 hours 15 minutes ago
A vulnerability labeled as problematic has been found in OliveTin. Affected is an unknown function of the component PasswordHash API Endpoint. Such manipulation leads to resource consumption.
This vulnerability is uniquely identified as CVE-2026-28342. The attack can be launched remotely. No exploit exists.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2026-26194 | Gogs up to 0.14.1 argument injection (GHSA-v9vm-r24h-6rqm / WID-SEC-2026-0623)
10 hours 15 minutes ago
A vulnerability, which was classified as critical, was found in Gogs up to 0.14.1. The impacted element is an unknown function. Executing a manipulation can lead to argument injection.
This vulnerability is handled as CVE-2026-26194. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-28209 | FreePBX up to 16.0.19/17.0.4 Recordings os command injection (GHSA-f558-mp87-58vj)
10 hours 15 minutes ago
A vulnerability was found in FreePBX up to 16.0.19/17.0.4 and classified as critical. This impacts an unknown function of the component Recordings Module. The manipulation results in OS command injection.
This vulnerability was named CVE-2026-28209. The attack may be performed remotely. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2026-28210 | FreePBX up to 16.0.48/17.0.6 sql injection (GHSA-59gp-632h-c54v)
10 hours 15 minutes ago
A vulnerability was found in FreePBX up to 16.0.48/17.0.6. It has been classified as critical. Affected is an unknown function. This manipulation causes SQL injection.
The identification of this vulnerability is CVE-2026-28210. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-28284 | FreePBX up to 16.0.9/17.0.4 Logfile sql injection (GHSA-4887-4jwp-327g)
10 hours 15 minutes ago
A vulnerability was found in FreePBX up to 16.0.9/17.0.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Logfile Module. Such manipulation leads to SQL injection.
This vulnerability is referenced as CVE-2026-28284. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-28287 | FreePBX up to 16.0.19/17.0.4 Recordings os command injection (GHSA-9vv6-h8v6-rp4q)
10 hours 15 minutes ago
A vulnerability was found in FreePBX up to 16.0.19/17.0.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component Recordings Module. Performing a manipulation results in OS command injection.
This vulnerability is identified as CVE-2026-28287. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com