Lucene search

4598 matches found

RedhatCVE
added 2025/08/22 1:22 p.m., 2 views

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVSS: 8.4, AI score: 7.7, EPSS: 0.00024
Exploits: 0, References: 1
Vulnrichment
added 2025/08/21 7:26 a.m., 4 views

CVE-2025-8895 WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVSS: 9.8, AI score: 7.1, EPSS: 0.0053
Exploits: 0, References: 3
Positive Technologies
added 2025/08/21 12:0 a.m., 4 views

PT-2025-34199

Name of the Vulnerable Software and Affected Versions: WP Webhooks plugin for WordPress versions up to and including 3.3.5 Description: The WP Webhooks plugin for WordPress is susceptible to arbitrary file copy due to insufficient validation of user-supplied input. This allows unauthenticated...

CVSS: 9.8, AI score: 6, EPSS: 0.0053
Exploits: 0, References: 8
Vulnrichment
added 2025/08/20 12:52 p.m., 2 views

CVE-2025-8453

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...

CVSS: 8.4, AI score: 8.1, EPSS: 0.00024
Exploits: 0, References: 1
CNNVD
added 2025/08/19 12:0 a.m., 1 view

ThriveX-Blog Security Vulnerability

ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog 3.1.7 and earlier versions, which originates from an improper authorization issue in the function updateJsonValueByName in the file /webconfig/json/name/web...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00071
Exploits: 0, References: 6
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-7788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00291
Exploits: 1, References: 2
CNVD
added 2025/08/18 12:0 a.m., 3 views

Bottinelli Informatica Vedo Suite Information Disclosure Vulnerability

Bottinelli Informatica Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. An information disclosure vulnerability exists in Bottinelli Informatica Vedo Suite, which stems from plaintext credentials stored in the...

CVSS: 8.6, AI score: 6.3, EPSS: 0.00181
Exploits: 2, References: 1
RedhatCVE
added 2025/08/14 5:26 a.m., 6 views

CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a...

CVSS: 6.7, AI score: 7.9, EPSS: 0.00035
Exploits: 0, References: 1
Vulnrichment
added 2025/08/14 12:0 a.m., 3 views

CVE-2025-50515

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded...

AI score: 7.8, EPSS: 0.00143
Exploits: 0, References: 2
CVE
added 2025/08/13 8:35 p.m., 18 views

CVE-2011-10012

NetOp Remote Control Client (now Impero) v9.5 contains a stack-based buffer overflow when parsing .dws configuration files. If a .dws string exceeds 520 bytes, bounds checking fails, potentially allowing arbitrary code execution when the file is opened. Public references confirm the vulnerable co...

CVSS: 8.4, AI score: 8.5, EPSS: 0.09703
Exploits: 0, References: 7
Vulnrichment
added 2025/08/13 8:34 p.m., 2 views

CVE-2011-10014 GTA SA-MP server.cfg Buffer Overflow

GTA San Andreas Multiplayer SA-MP server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary samp-server.exe processes a crafted ech...

CVSS: 8.7, AI score: 8, EPSS: 0.02298
Exploits: 0, References: 4
GithubExploit
added 2025/08/13 4:58 p.m., 332 views

Exploit for Command Injection in Microsoft

💥 CVE-2025-53773 — Remote Code Execution in GitHub Copilot 💥...

CVSS: 7.8, AI score: 8.2, EPSS: 0.06597
Exploits: 2
Zero Day Initiative
added 2025/08/13 12:0 a.m., 7 views

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00022
Exploits: 0, References: 1
Vulnrichment
added 2025/08/12 8:52 p.m., 3 views

CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`

Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...

CVSS: 8.2, AI score: 7, EPSS: 0.0002
Exploits: 0, References: 3
OSV
added 2025/08/12 7:1 p.m., 5 views

CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to...

CVSS: 10, AI score: 6.1, EPSS: 0.01421
Exploits: 1, References: 5
GithubExploit
added 2025/08/12 1:16 p.m., 290 views

Exploit for Path Traversal in Rarlab Winrar

WinRAR-CVE-2025-8088-PoC-RAR WinRAR 0day CVE-2025-8088 PoC RA...

CVSS: 8.8, AI score: 6.9, EPSS: 0.11605
Exploits: 34
NVD
added 2025/08/12 12:15 p.m., 2 views

CVE-2025-40753

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extra...

CVSS: 6.8, EPSS: 0.00015
Exploits: 0, References: 1
CVE
added 2025/08/12 11:17 a.m., 15 views

CVE-2025-40753

Affected devices POWER METER SICAM Q100 (versions 2.60–2.61) and Q200 (versions 2.70–2.79) export the SMTP password in plain text within the Configuration File. This local-authenticated exposure allows an attacker with access to the device to extract credentials and abuse the configured SMTP serv...

CVSS: 6.8, AI score: 7, EPSS: 0.00015
Exploits: 0, References: 1
Cvelist
added 2025/08/12 11:17 a.m., 5 views

CVE-2025-40753

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extra...

CVSS: 6.8, EPSS: 0.00015
Exploits: 0, References: 1
Vulnrichment
added 2025/08/12 11:17 a.m., 2 views

CVE-2025-40753

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extra...

CVSS: 6.8, AI score: 7, EPSS: 0.00015
Exploits: 0, References: 1