209 matches found
CVE-2025-59691
CVE-2025-59691 affects PureVPN Linux clients (CLI 2.0.1 and GUI 2.10.0). The vulnerability allows IPv6 traffic to leak outside the VPN tunnel during events like Wi‑Fi reconnects or system resume, with the CLI auto-reconnect showing as connected while IPv6 isn’t routed or blocked, and the GUI leav...
PT-2025-38497
Name of the Vulnerable Software and Affected Versions PureVPN versions 2.0.1 and 2.10.0 Description PureVPN client applications on Linux mishandle firewalling. The applications flush existing iptables rules and apply default ACCEPT policies when connecting to a VPN server, removing previously...
PureVPN 安全漏洞
PureVPN is a VPN software from PureVPN Inc. A security vulnerability exists in the PureVPN CLI version 2.0.1 and GUI version 2.10.0, which stems from IPv6 traffic being leaked after a cyber event, potentially leading to a user privacy breach...
Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally...
PT-2025-34808 · Ipfire · Ipfire
Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The web-based firewall interface firewall.cgi fails to sanitize several rule parameters, including PROT, SRC PORT, TGT PORT, dnatport, key, ruleremark, src addr, std net tgt, and tgt addr. This allows an...
CVE-2025-20131
A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this...
CVE-2025-20131 Cisco Identity Services Engine Arbitrary File Upload Vulnerability
A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this...
CVE-2025-20131
CVE-2025-20131 affects Cisco Identity Services Engine (ISE) GUI. Root cause: improper validation of the file copy function, enabling an authenticated, remote attacker with administrative privileges to upload arbitrary files to an affected device via a crafted file upload in the ISE GUI. CVSS v3.1...
Cisco Identity Services Engine Arbitrary File Upload Vulnerability
A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 WinRAR Exploit Advanced WinRAR Path Traver...
CVE-2025-43982
CVE-2025-43982 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC devices (v3.4.2731.16.43). The underlying issue: SSH service is enabled by default and a hard-coded root account cannot be disabled via the GUI. Impact is described as high for confidentiality, integrity, and availability with net...
[SECURITY] Fedora 42 Update: dtk6gui-6.0.27-6.fc42
Deepin Tool Kit DtkGui is the development graphical user interface of all C++/Qt Developer work on Deepin...
Toward a Human-Centered Evaluation Framework for Trustworthy LLM-Powered GUI Agents
The rise of Large Language Models LLMs has revolutionized Graphical User Interface GUI automation through LLM-powered GUI agents, yet their ability to process sensitive data with limited human oversight raises significant privacy and security risks. This position paper identifies three key risks ...
CVE-2018-14996
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
CVE-2019-15344
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...
CVE-2019-15388
The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service name...
CVE-2019-15389
The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service named...
CVE-2019-15347
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
CVE-2015-8037
Multiple cross-site scripting XSS vulnerabilities in the Graphical User Interface GUI in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the 1 SOMVpnSSLPortalDialog or 2 FGDMngUpdHistory...
CVE-2025-27086
A vulnerability in the HPE Performance Cluster Manager HPCM GUI could allow an attacker to bypass authentication...