26 matches found
Payara Server - Cross-Site Scripting
Payara Server versions 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 contain a stored XSS vulnerability caused by improper input sanitization in the REST Management Interface. This allows attackers to mislead administrators into changing the admin password via a URL payload; however, the exploit...
CVE-2025-9289
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If...
PT-2026-4284
Name of the Vulnerable Software and Affected Versions: Omada Controllers, affected versions not specified. Description: A Cross-Site Scripting (XSS) issue exists in a parameter within Omada Controllers because of insufficient input sanitization. Successful exploitation requires specific conditions,...
EUVD-2025-204965
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator ...
EUVD-2021-10377
Malware in sbrugna...
EUVD-2021-10383
Malware in sbrugna...
EUVD-2024-48842
Malicious code in bioql PyPI...
EUVD-2024-44073
Malicious code in bioql PyPI...
CVE-2025-8612
CVE-2025-8612 affects AOMEI Backupper Workstation. The flaw exists in the restore functionality: by creating a junction, an attacker can abuse the service to create arbitrary files and escalate privileges to SYSTEM. This requires local code execution with low privileges and administrator user int...
PT-2024-17753 · Paessler · Paessler PRTG Network Monitor
Name of the Vulnerable Software and Affected Versions: Paessler PRTG Network Monitor, affected versions not specified. Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. The specific flaw exists within the...
CVE-2021-23282
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored cross-site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local subnet and an administrator interaction to...
CVE-2021-23282 Stored Cross-site Scripting reported in Intelligent Power Manager v1
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored cross-site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local subnet and an administrator interaction to...
CVE-2024-7240 F-Secure Total Link Following Local Privilege Escalation Vulnerability
F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exist...
PT-2024-38200 · F-Secure · F-Secure Total
Name of the Vulnerable Software and Affected Versions: F-Secure Total, affected versions not specified. Description: This issue allows local attackers to escalate privileges on affected installations. User interaction by an administrator is required to exploit it. The flaw exists within the...
CVE-2024-6598 Denial-of-service on KNIME Business Hub when certain jobs are executed
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processin...
ESET Smart Security Premium Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the ESET Service. By creating a symbolic link, an...
CVE-2024-4454 WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to...