199 matches found
CVE-2026-48904
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
Malicious code in claw_messenger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ae01d96f3589f6660b2aa5f459595c9346ab885eda35196dae6252775f986a On npm install, this package's postinstall hook performs two unsafe install-time actions. First, dist/postinstall.js spawns a detached npm install -g...
CVE-2025-13154
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges...
CVE-2019-16860
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library DLL. The Code42 service could then load it at runtime, and potentially execute arbitrary code at an...
Apple macOS Sequoia 安全漏洞
Apple macOS Sequoia is an operating system from Apple USA. A security vulnerability exists in Apple macOS Sequoia prior to version 15.7.3, which originates from an application that may bypass startup constraint protection and execute malicious code with elevated privileges...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation USA that supports flash memory, petabyte file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attac...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabytes of file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attac...
Oracle MySQL 安全漏洞
Oracle MySQL is an open source relational database management system from Oracle Corporation USA. A security vulnerability exists in Oracle MySQL for MySQL Server versions 8.0.0 through 8.0.43, 8.4.0 through 8.4.6, and 9.0.0 through 9.4.0, which originates from an attack by an elevated-privilege...
Oracle PeopleSoft 安全漏洞
Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, supplier relationship management, and other capabilities.PeopleSoft Enterprise PeopleTools is one of the tools and...
Oracle PeopleSoft 安全漏洞
Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, supplier relationship management, and other capabilities.PeopleSoft Enterprise PeopleTools is one of the tools and...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabytes of file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attac...
Oracle Financial Services Applications 安全漏洞
Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in Oracle Financial Services Financial Services Revenue Management and Billing...
Oracle Virtualization 安全漏洞
Oracle Virtualization is a suite of virtualization solutions from Oracle Corporation USA. The product is used to unify the management of the entire hardware and software architecture from applications to disks, enabling virtualization from the desktop to the data center. Oracle Virtualization has...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabytes of file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attac...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabytes of file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attac...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabytes of file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attac...
Oracle Virtualization 安全漏洞
Oracle Virtualization is a suite of virtualization solutions from Oracle Corporation USA. The product is used to unify the management of the entire hardware and software architecture from applications to disks, enabling virtualization from the desktop to the data center. A security vulnerability...
Oracle ZFS Storage Appliance Kit 安全漏洞
Oracle ZFS Storage Appliance Kit is a storage appliance from Oracle Corporation that supports flash memory, petabyte file storage and has a built-in Oracle database. A security vulnerability exists in Oracle Systems' Oracle ZFS Storage Appliance Kit version 8.8, which originates from an attack by...
CVE-2025-9152 Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...
PT-2025-42462
Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description A flaw exists due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. This can allow a malicious user to generat...