28 matches found
Portrait Displays Dell Color Management Link Following Vulnerability
Portrait Displays Dell Color Management is a color management software developed by Portrait Displays Corporation in the United States. Versions of Portrait Displays Dell Color Management prior to version 3.7.0 contained a link following vulnerability. This vulnerability stemmed from the improper...
CVE-2026-41377 OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...
WordPress plugin WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2022-27049
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed...
GHSA-93JC-VQQC-VVVH Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
The SignalK appstore interface allows administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin or webapp, the version parameter accepts arbitrary npm version specifiers including URLs. npm...
CVE-2025-11535
MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories, which allows privilege escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...
EUVD-2018-6874
Malware in sbrugna...
EUVD-2024-34421
Malicious code in bioql PyPI...
CVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blazedemoimporterinstallplugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with...
CVE-2023-32232
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out o...
CVE-2024-11468
Omnissa Horizon Client for macOS contains a local privilege escalation (LPE) vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS ...
PT-2025-1661 · Omnissa · Omnissa Horizon Client For Macos
Name of the Vulnerable Software and Affected Versions: Omnissa Horizon Client for macOS (affected versions not specified). Description: The issue is related to a local privilege escalation (LPE) vulnerability due to a flaw in the installation process of the Omnissa Horizon Client for macOS. Successful...
CVE-2024-1657 Platform: insecure websocket used when interacting with eda server
A flaw was found in the Ansible Automation Platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...
PT-2024-1961 · Ansible · Ansible Automation Platform
Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform (affected versions not specified). Description: A flaw in the Ansible Automation Platform was found, related to an insecure WebSocket connection used during installation from the Ansible rulebook EDA server. This issu...
rpm: races with chown/chmod/capabilities calls during installation
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...
Design/Logic Flaw
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user...
npm: npm ci succeeds when package-lock.json doesn't match package.json
A flaw was found in npm. The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation and makes it easier for attackers to install malware that was supposed to have been blocked...
Design/Logic Flaw
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS Standard and for IT Admin installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post-...
ALPINE-CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw...