CVE-2025-12694 Local Privilege Escalation in VPN Client

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

CVE-2025-12694

Forcepoint VPN Client for Windows is affected by a local privilege escalation (CVE-2025-12694) that allows a local non-administrative user to escalate privileges to SYSTEM. Affected versions: Windows client 6.11.3 and prior. The vulnerability is local with low attack complexity and no user intera...

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44294 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44294 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643294...

GHSA-9M93-W8W6-76HH Mongoose Prototype Pollution vulnerability

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20...

GHSA-G954-5HWP-PP24 Prototype Pollution in protobufjs

The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable. This vulnerability can occur in multiple ways: 1...

CVE-2022-25878 Prototype Pollution

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption...

Node.js third-party modules: [dy-server2] - stored Cross-Site Scripting

I would like to report Stored XSS in dy-server2 It allows to steal session cookies, deface web , execute anything code javascript Module module name: dy-server2 version: dy-server2 npm page: https://www.npmjs.com/package/dy-server2 Module Description 这是一款轻量级http服务器，可用于文件传输，前端项目预览。 Module Stats...