28 matches found
CVE-2026-21287
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21287
creationtimestamp| type| source ---|---|--- 2026-01-13 20:22:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcdezcuppl2a...
CVE-2026-21287
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-21287
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-21287
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
CVE-2025-21287
Windows Installer Elevation of Privilege Vulnerability...
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
...
CVE-2025-21287
CVE-2025-21287 is a Windows Installer elevation of privilege vulnerability. The linked documents confirm this CVE affects the Windows Installer component in Windows OS, enabling a local attacker with low privileges and no user interaction to elevate privileges. Remediation is provided by Microsof...
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
...
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management PLM Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 CVSS score: 7.5, could be exploited sans authentication to leak sensitive information. "This vulnerabili...
CVE-2024-21287
creationtimestamp| type| source ---|---|--- 2024-11-18 21:44:22+00:00| seen| https://infosec.exchange/users/cve/statuses/113506140934519890 2024-11-19 00:05:05+00:00| seen| https://t.me/cvedetector/11407 2024-11-19 15:15:04+00:00| seen|...
CVE-2024-21287
...
CVE-2024-21287
CVE-2024-21287 affects Oracle Agile PLM Framework 9.3.6, specifically the Software Development Kit/Process Extension component. The Nessus review notes a vulnerability in 9.3.6.x before 9.3.6.28.3 that enables an unauthenticated, network-accessible attacker (HTTP) to disclose files or access data...
Photon OS 4.0: Mysql PHSA-2022-4.0-0153
An update of the mysql package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0153. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50199 D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50199
Summary: CVE-2023-50199 affects D-Link G416 routers, due to a flaw in the httpd service listening on TCP port 80 that allows missing authentication to access a critical function, enabling remote code execution by network-adjacent attackers. The entry is supported by multiple sources (ZDI advisory...
CVE-2023-21287
The CVE-2023-21287 entry concerns a type confusion vulnerability in Google Android that could allow remote code execution without user interaction. Connected sources corroborate that this issue is listed under the Android security bulletin as a high-severity, remote code execution vulnerability a...
CVE-2022-21287 affecting package mysql for versions less than 8.0.28-1
CVE-2022-21287 affecting package mysql for versions less than 8.0.28-1. An upgraded version of the package is available that resolves this issue...