Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...

CVE-2026-7860

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

CVE-2025-67792

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers...

CVE-2025-67790

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death BSOD on Windows computers by using an IOCTL and an unterminated string...

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

CVE-2025-67781

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

CVE-2025-67787

DriveLock Operations Center is affected by a Cross Site Scripting (XSS) flaw in versions 25.1.2 through 25.1.4, enabling potential session takeover over the network. The issue is documented across multiple sources (Red Hat, NVD, CNNVD, etc.) and is tied to version 25.1.2 before 25.1.5. The common...

EUVD-2025-203947

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, 24.2.7, and 25.1.5, which stems from a local unprivileged user being able to manipulate a privileged process, potentially leading to...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, prior to 24.2.7, and prior to 25.1.5, which originates from a local, unprivileged user being able to manipulate the DriveLock process in a...

CVE-2025-67792

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers...

CVE-2025-67781

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

EUVD-2025-203940

An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers...

PT-2025-51895

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1.5 DriveLock versions 24.2 through 24.2.6 DriveLock versions 25.1 through 25.1.4 Description Local users with limited privileges can manipulate processes running with higher privileges on Windows systems. Th...

DriveLock Operations Center 安全漏洞

DriveLock Operations Center is a centralized management console from DriveLock Germany. A security vulnerability exists in DriveLock Operations Center versions prior to 25.1.5 that stems from the presence of a cross-site scripting issue that could lead to a session takeover over the network...

CVE-2025-67787

An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting XSS issue in DriveLock Operations Center allows for session takeover over a network...

DriveLock 安全漏洞

DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions prior to 24.1.6, prior to 24.2.7, and prior to 25.1.5, which originates from an unprivileged user who may be able to cause a Windows computer to experience ...