
11 matches found

Vulnrichment
added 2026/05/15 2:51 a.m. · 5 views

CVE-2026-0427

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual Machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

CVSS 4.6 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 1
CVE
added 2026/04/17 12:0 a.m. · 17 views

CVE-2025-70795

STProcessMonitor 11.11.4.0 (Safetica Application suite) is reported to expose a local IOCTL-based termination capability. The vulnerability arises from insufficient caller validation in the driver's IOCTL handler, enabling an admin-privileged user to load the driver and send a crafted IOCTL (0xB8...

CVSS 5.5 · AI score 5.8 · EPSS 0.00008
In wild · Exploits 0 · References 7
Vulnrichment
added 2026/02/10 7:9 p.m. · 2 views

CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin-privileged attacker to corrupt RMP-covered memory, potentially resulting in loss of guest memory integrity...

CVSS 5.9 · AI score 5.5 · EPSS 0.0002
Exploits 0 · References 1
CVE
added 2026/01/16 3:46 p.m. · 21 views

CVE-2025-29943

CVE-2025-29943: AMD CPUs (Zen 1–Zen 5; EPYC) contain a hardware/microarchitectural issue where an admin-privileged host can manipulate the CPU pipeline configuration, potentially corrupting the stack pointer inside a SEV-SNP guest. A PoC titled “StackWarp” demonstrates exploitation by a hypervis...

CVSS 4.6 · AI score 6.7 · EPSS 0.00008
Exploits 1 · References 1
Positive Technologies
added 2023/10/03 12:0 a.m. · 2 views

PT-2023-5989 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 and earlier; Adobe Commerce versions 2.4.6-p2 and earlier; Adobe Commerce versions 2.4.5-p4 and earlier; Adobe Commerce versions 2.4.4-p5 and earlier. Description: The issue is related to the lack of protection...

CVSS 8 · AI score 6.8 · EPSS 0.01841
Exploits 0 · References 10
Snyk
added 2023/06/15 9:30 p.m. · 2 views

Server-side Request Forgery (SSRF)

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the injection of arbitrary URLs. An admin-privilege authenticated attacker can force the application to make arbitrary requests,...

CVSS 6.9 · AI score 7.4 · EPSS 0.00469
Exploits 0 · References 2
OSV
added 2023/06/15 7:15 p.m. · 15 views

CVE-2023-29293

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's...

CVSS 2.7 · AI score 6.6
Exploits 0 · References 1
NVD
added 2023/06/15 7:15 p.m. · 18 views

CVE-2023-29293

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's...

CVSS 2.7 · AI score 3.3 · EPSS 0.00045
Exploits 0 · References 1
CNVD
added 2022/10/11 12:0 a.m. · 19 views

Unspecified Vulnerability in Wyse ThinOS

Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS that stems from the inclusion of a regular expression denial of service vulnerability in the UI, which can be exploited by an administrator privileged attacker to cause a...

CVSS 6.8 · AI score 5.2 · EPSS 0.00254
Exploits 0 · References 1
CVE
added 2020/12/16 2:28 p.m. · 124 views

CVE-2020-29607

CVE-2020-29607 affects Pluck CMS prior to 4.7.13, where a file upload restriction bypass in the admin “manage files” functionality allows an authenticated admin to upload a payload and trigger remote code execution. Public references show an authenticated file-upload RCE exploit for Pluck 4.7.13 ...

CVSS 7.2 · AI score 7.5 · EPSS 0.83555
Exploits 6 · References 4 · Affected Software 1
WPVulnDB
added 2020/06/03 12:0 a.m. · 21 views

AdRotate < 5.8.4 - Authenticated SQL Injection

Authenticated SQL injection in the AdRotate 5.8.3.1 exists via param "id". However, this requires an admin privileged user. NOTE: The plugin author mistook this SQLi bug for XSS but the remedy remains OK. PoC: Param "id" is vulnerable to SQL Injection. Example 1:...

AI score 1.8 · EPSS 0.00868
Exploits 2 · References 2 · Affected Software 1