Lucene search

4648 matches found

RedhatCVE
added 2025/05/10 12:20 a.m. · 19 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS · 7.5 AI score · 0.0041 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/09 12:28 a.m. · 6 views

CVE-2025-26169

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be...

8.1 CVSS · 7.4 AI score · 0.00049 EPSS
Exploits: 0 · References: 1

NVD
added 2025/05/08 5:16 p.m. · 20 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS · 0.0041 EPSS
Exploits: 0 · References: 2

OSV
added 2025/05/08 1:15 p.m. · 1 views

CVE-2024-6648

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system...

7.5 CVSS · 5.8 AI score · 0.00294 EPSS
Exploits: 1 · References: 1

CVE
added 2025/05/08 12:16 p.m. · 79 views

CVE-2024-6648

CVE-2024-6648 describes an Absolute Path Traversal in AP Page Builder (AP Page Builder plugin) for versions prior to 4.0.0. An unauthenticated remote attacker could modify the product_item_path in the config JSON, enabling reading arbitrary files on the system. Affected: AP Page Builder

8.7 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/05/08 12:16 p.m. · 19 views

CVE-2024-6648 Path Traversal in AP Page Builder

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system...

8.7 CVSS · 0.00294 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2025/05/08 12:0 a.m. · 6 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 AI score · 0.0041 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/05/08 12:0 a.m. · 18 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

0.0041 EPSS
Exploits: 0 · References: 2

CVE
added 2025/05/08 12:0 a.m. · 58 views

CVE-2025-26845

CVE-2025-26845 describes an Eval Injection vulnerability in Znuny up to version 7.1.3. A user with write access to the configuration file can cause code execution via the command that runs the backup.pl script, effectively allowing escalation to the user running that script. The primary affected ...

9.8 CVSS · 7.1 AI score · 0.0041 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2025/05/07 7:16 p.m. · 12 views

CVE-2025-26168

IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, ca...

8.1 CVSS · 0.00049 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/05/07 12:0 a.m. · 9 views

CVE-2025-26169

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be...

8.1 CVSS · 0.00049 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/07 12:0 a.m. · 1 views

PT-2025-20292 · Unknown · Ixon Vpn Client

Name of the Vulnerable Software and Affected Versions: IXON VPN Client versions prior to 1.4.4 Description: The issue allows Local Privilege Escalation to root due to code execution from a configuration file that can be controlled by a low-privileged user. A race condition exists in which a...

8.1 CVSS · 9.6 AI score · 0.00049 EPSS
Exploits: 0 · References: 9

OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Configure a Proper Number of Concurrent Sessions Allowed for a Single SSH Connection

SSH allows a client that supports multiplexing to establish multiple sessions based on a network connection. MaxSessions limits the number of concurrent SSH sessions that can be established for each network connection. This prevents system resources from being occupied by a single connection or a...

6.9 AI score
Exploits: 0 · References: 3

CVE
added 2025/05/07 12:0 a.m. · 42 views

CVE-2025-26169

CVE-2025-26169 affects IXON VPN Client for Windows prior to 1.4.4. The issue allows Local Privilege Escalation to SYSTEM due to code execution from a configuration file that can be controlled by a low-privileged user, with a race condition that lets a temporary config file in a world-writable dir...

8.1 CVSS · 8.3 AI score · 0.00049 EPSS
Exploits: 0 · References: 2

CVE
added 2025/05/07 12:0 a.m. · 43 views

CVE-2025-26168

IXON VPN Client prior to 1.4.4 on Linux and macOS is affected by a Local Privilege Escalation to root. The flaw stems from code execution originating from a configuration file that can be controlled by a low-privileged user, via a race condition where a temporary configuration file in a world-wri...

8.1 CVSS · 8.1 AI score · 0.00049 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/05/07 12:0 a.m. · 8 views

CVE-2025-26168

IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, ca...

8.1 CVSS · 0.00049 EPSS
Exploits: 0 · References: 2

OSV
added 2025/05/05 4:13 p.m. · 6 views

GO-2025-3650 Go Snowflake Driver has race condition checking access to Easy Logging config file in github.com/snowflakedb/gosnowflake

Go Snowflake Driver has race condition checking access to Easy Logging config file in github.com/snowflakedb/gosnowflake...

7 CVSS · 6.6 AI score · 0.00109 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/02 11:11 a.m. · 9 views

CVE-2025-24340

A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...

6.5 CVSS · 6.9 AI score · 0.00067 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/30 11:11 p.m. · 17 views

CVE-2025-46328

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions from 1.10.0 to before 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided...

7 CVSS · 6.8 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

CVE
added 2025/04/30 10:59 a.m. · 44 views

CVE-2025-24340

CVE-2025-24340 affects ctrlX OS. The vulnerability is in the users configuration file, allowing a remote authenticated (low-privileged) attacker to recover plaintext passwords of other users. CVSS 3.1 base score 6.5 (Network, Low AWS, Privileges Required: Low, User Interaction: None, Confidential...

6.5 CVSS · 6.7 AI score · 0.00067 EPSS
Exploits: 0 · References: 1