1208 matches found
CVE-2025-57846
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges...
CVE-2025-57846
CVE-2025-57846 affects Digital Arts i-フィルター products. Root cause: incorrect default permissions (CWE-276) leading to potential arbitrary code execution. Impact: local authenticated attacker can replace a service executable on the host with SYSTEM privileges. Affected products/versions include: i-...
PT-2025-34837 · I-フィルター · I-フィルター
Name of the Vulnerable Software and Affected Versions: i-フィルター products (affected versions not specified). Description: Multiple i-フィルター products are affected by incorrect default permissions. A local authenticated attacker may replace a service executable on the system where the product is running,...
Linux Distros Unpatched Vulnerability : CVE-2023-2181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use...
JVN#55678602: Improper file access permission settings in multiple i-フィルター products
Multiple i-フィルター products provided by Digital Arts Inc. contain the following vulnerability: Incorrect default permissions (CWE-276). CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5; CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8. CVE-2025-57846. Impact A...
CVE-2025-9277
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues: CVE-2024-56664: bpf, sockmap: fix race between element replace and close (bsc#1235250); CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776); CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in...
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts...
CVE-2025-38584
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all. There is a race condition/UAF in padata_reorder that goes back to the initial commit. A reference count is taken at the start of the process in padata_do_parallel, and released at the end in...
Linux Distros Unpatched Vulnerability : CVE-2016-4998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service...
CVE-2025-50567
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare function, which uses preg_replace with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code...
CVE-2025-50567
Saurus CMS Community Edition 4.7.1 has a vulnerability in the custom DB::prepare() function that uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This allows injecting user-controlled SQL statements, potentially leading to arbitrary PHP code executio...
CVE-2025-54728
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace (cm-on-demand-search-and-replace) allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2...
CVE-2025-54727
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace (cm-on-demand-search-and-replace) allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2...
Linux Distros Unpatched Vulnerability : CVE-2024-10461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow...
docusign-jsx (=1.0.0), word-replace-contabil (>=1.0.1 <=1.0.9) potentially affected by unknown CVE via word2pdf (=0.0.1-security)
word2pdf NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on word2pdf and may be impacted: - docusign-jsx =1.0.0 - word-replace-contabil >=1.0.1, <=1.0.9. Source cves: unknown CVE. Source advisory: OSV:MAL-2025-39417...