983 matches found
EUVD-2023-23666
Malicious code in bioql PyPI...
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy class. The issue results from the lack of proper validation of...
CVE-2025-8610 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...
CVE-2025-34153
Hyland OnBase versions prior to 17.0.2.87 other versions may be affected are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in...
Microsoft Windows Subsystem for Linux WslCoreVm::Initialize Incorrect Privilege Management Information Disclosure Vulnerability
This vulnerability allows local attackers to read arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
(Pwn2Own) Microsoft Windows 11 vhdmp Improper Validation of Array Index Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Virtual Hard...
CVE-2012-10047
CVE-2012-10047 concerns Cyclope Employee Surveillance Solution, version 6.x. A SQL injection flaw in the login flow (auth-login) arises because the username parameter is not properly sanitized, enabling an attacker to inject arbitrary SQL. According to connected documents, this can be leveraged t...
PT-2025-32400
Name of the Vulnerable Software and Affected Versions: Cyclope Employee Surveillance Solution versions 6.x Description: Cyclope Employee Surveillance Solution versions 6.x contains a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly...
(0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StorageNode service, which listens on TCP port 9075 by default. The issue results...
CVE-2025-8192 Race condition in AndroidTV TvSettings
There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Inten...
AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG TuneUp...
AVG TuneUp for PC TuneUp Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TuneUp Service...
Samsung MagicINFO 9 Server fillLftOrLfdInfo Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fillLftOrLfdInfo method. The issue results from the...
The vulnerability of the DeserializeFromBase64String method implemented by the PolicyServer server of Trend Micro Endpoint Encryption (TMEE) allows a malicious actor to execute arbitrary code within the SYSTEM context.
The vulnerability of the DeserializeFromBase64String method implemented by the PolicyServer server of Trend Micro Endpoint Encryption TMEE involves insufficient validation of input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code within the SYSTE...
The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in its uncontrolled search path. This allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the Data Loss Prevention module in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary co...
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service allows a malicious actor to elevate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitra...
Veeam Backup Enterprise Manager JobManagmentService Improper Access Control Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veeam Backup Enterprise Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobManagmentService component. The issue results from improper...
Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20444)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteEventLogFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM...
Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20443)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteAppFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM context...
Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20449)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in getFileUploadSize. An attacker could exploit the vulnerability to disclose information in the SYSTEM context...