5614 matches found
Incorrect Authorization
Overview edu.internet2.middleware.grouper:grouper is an Internet2 Groups Management Toolkit Affected versions of this package are vulnerable to Incorrect Authorization via improper job scheduling in the loader jobs configuration process. A group administrator who is not a member of the Grouper...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
CVE-2025-59714
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs...
CVE-2025-59714
The CVE-2025-59714 entry concerns Internet2 Grouper. Affected: Grouper versions 5.17.1 up to 5.20.4 (before 5.20.5). Issue: group admins who are not Grouper sysadmins can configure loader jobs, enabling potential unauthorized loader job creation. Root cause: mis-validation/configuration of loader...
PT-2025-38504
Name of the Vulnerable Software and Affected Versions Internet2 Grouper versions 5.17.1 through 5.20.4 Description Group administrators who are not also Grouper system administrators can configure loader jobs. Recommendations Update to a version prior to 5.17.1 or after 5.20.5...
Grouper 安全漏洞
Grouper is an Internet2 open source enterprise access management system designed for highly distributed administrative environments and heterogeneous information technology environments common to colleges and universities. A security vulnerability exists in Grouper versions 5.17.1 through prior t...
RHEL 10 : grub2 (RHSA-2025:16154)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16154 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modula...
Malicious code in @teselagen/bounce-loader (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2f86497a8f8ebd289f9296f0d154c87fd2429bdf4fc8de97c6b1684ed3b9aaa Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47272 Malicious code in @teselagen/bounce-loader (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2f86497a8f8ebd289f9296f0d154c87fd2429bdf4fc8de97c6b1684ed3b9aaa Any computer that has this package installed or running should be considered fully compromised. All...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
@teselagen/ove (>=0.0.18 <=0.7.27), @teselagen/ui (>=0.0.23 <=0.7.27) +3 more potentially affected by unknown CVE via @teselagen/bounce-loader (>=0.0.12 <=0.3.11)
@teselagen/bounce-loader NPM version =0.0.12, =0.0.18, =0.0.23, =15.0.0, =17.0.12 - ove-electron =1.2.8 - teselagen-react-components =30.15.8 Source cves: unknown CVE Source advisory: SNYK:JS-TESELAGENBOUNCELOADER-12744519...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Exploit for CVE-2016-2610
This is a PoC exploit for CVE-2016-2610, a vulnerability in the PlayStation 4's kernel. The exploit targets the 4.55 firmware version and allows for arbitrary code execution as kernel. The exploit includes a loader that listens for payloads on port 9020 and executes them upon reception. The loade...
PS4-4.05-Kernel-Exploit
This repository contains a fully implemented kernel exploit for the PlayStation 4 on firmware version 4.05. The exploit, known as "namedobj," allows for arbitrary code execution as kernel, enabling jailbreaking and kernel-level modifications to the system. It includes a loader that listens for...
airbug
This repository is an offensive tool for collecting and utilizing web application vulnerabilities, specifically targeting Content Management Systems CMS. It is a Python-based tool that allows users to load and execute Proof of Concept PoC code for various vulnerabilities. The tool is designed to ...
Linux Distros Unpatched Vulnerability : CVE-2025-39787
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not...
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
...