16 matches found
CVE-2018-25359
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...
CVE-2026-25359
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects Pendulum: from n/a through 3.1.5...
CVE-2019-25359
creationtimestamp | type | source
---|---|---
2026-02-21 13:00:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfeojaookn24...
CVE-2019-25359
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enablin...
CVE-2019-25359 SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enablin...
CVE-2021-25359
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications...
CVE-2024-12552 Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
CVE-2024-25359
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file...
CVE-2024-25359
CVE-2024-25359 affects zuoxingdong lagom v0.1.2. The issue allows a local attacker to execute arbitrary code via the pickle_load function in serialize.py. CVSS v3.1 metrics indicate Local attack vector, Low attack complexity, Privileges Required Low, with High confidentiality impact and Moderate ...
CVE-2024-25359
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file...
CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is CVE-2022-3682 CVSS score: 9....
CVE-2022-25359
CVE-2022-25359 affects Industrial Control Links ScadaFlex II SCADA Controllers SC-1/SC-2. According to ICS/CISA data, unauthenticated remote attackers can overwrite, delete, or create files via external control of file name or path (CWE-73). Affected SW versions include 1.03.07 (build 317) and ol...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Exploit Title: CL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Exploit Author: LiquidWorm #!/usr/bin/env python3 # -*- coding: utf-8 -*- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page:...
CVE-2020-25359
creationtimestamp | type | source
---|---|---
2021-08-20 22:23:42+00:00 | seen | https://t.me/cibsecurity/27656...
CVE-2020-25359
The CVE-2020-25359 issue affects rConfig 3.9.5 and is fixed in 3.9.6. An attacker can delete arbitrary files by crafting a request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php, supplying a path in the path parameter and an extension in the ext parameter to delete all files with that extensi...
CVE-2021-25359
The CVE-2021-25359 entry describes an improper SELinux policy in Samsung builds prior to SMR APR-2021 Release 1 that permits local attackers to access AP information via untrusted apps. Public records from multiple sources (e.g., Red Hat advisory, CNVD) align on a local-attack scenario stemming fr...