Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

CVE-2026-6898

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

EUVD-2026-31527

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

CVE-2026-6898

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

EUVD-2026-23793

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...

IBM DataPower Gateway 安全漏洞

IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...

CVE-2026-1992

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

CVE-2025-11547

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user...

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...

CVE-2021-47852

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...

CVE-2021-47852 Rockstar Service - Insecure File Permissions

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...

CVE-2025-13175 Insecure Password Storage in Y Soft SafeQ 6

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...

CVE-2024-39708

An issue was discovered in the Agent in Delinea Privilege Manager formerly Thycotic Privilege Manager before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory used by .NET Shadow Copies such that privilege escalation can occur if the co...

STVS ProVision 跨站请求伪造漏洞

STVS ProVision is an advanced video management system from STVS, Inc. A cross-site request forgery vulnerability exists in STVS ProVision version 5.9.10, which stems from an unauthenticated HTTP request with a cross-site request forgery issue that could lead to the creation of an administrator us...

CVE-2025-1910 WatchGuard Mobile VPN with SSL Local Privilege Escalation via Update Package

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and includi...

CVE-2025-1910

CVE-2025-1910 affects WatchGuard Mobile VPN with SSL Client for Windows (versions 12.0–12.11.2). A locally authenticated, non-administrative user can escalate to NT AUTHORITY/SYSTEM on the host running the VPN client. The issue is confirmed across multiple sources; remediation guidance from PT-20...

CVE-2025-12251

A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted ear...

EUVD-2021-27284

Malware in sbrugna...

EUVD-2019-2687

Malware in sbrugna...

EUVD-2015-1561

Malware in sbrugna...