CVE-2025-47761

Fortinet FortiClientWindows is affected by a local Exposed IOCTL with Insufficient Access Control vulnerability (CWE-782) via the fortips driver. Affected versions: 7.2.0–7.2.9 and 7.4.0–7.4.3. An authenticated local user could execute unauthorized code, with exploitation requiring bypass of Wind...

CVE-2025-10089 Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

Fortinet FortiClientWindows 安全漏洞

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exis...

PT-2025-47354

Name of the Vulnerable Software and Affected Versions Fortinet FortiClientWindows versions 7.2.0 through 7.2.9 Fortinet FortiClientWindows versions 7.4.0 through 7.4.3 Description A flaw exists in Fortinet FortiClientWindows that involves an exposed IOCTL with insufficient access control. This...

HSEC-2023-0009 git-annex command injection via malicious SSH hostname

git-annex command injection via malicious SSH hostname git-annex was vulnerable to the same class of security hole as git's CVE-2017-1000117. In several cases, git-annex parses a repository URL, and uses it to generate a ssh command, with the hostname to ssh to coming from the URL. If the hostnam...

CVE-2025-11918

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...

CVE-2025-11918

The CVE-2025-11918 entry describes a stack-based buffer overflow in Rockwell Automation Arena® related to parsing DOE files. The vulnerability is local-only: a local attacker can trigger arbitrary code execution by opening a malicious DOE file on affected Arena installations. The connected source...

Microsoft Azure Monitor Agent < 1.37.1 RCE (CVE-2025-59504)

The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.37.1. It is, therefore, affected by a Heap-based buffer overflow vulnerability which potentially allows an unauthorized attacker to execute code locally. Note that Nessus has not tested for this issue but has...

CVE-2025-46367

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...

CVE-2025-30506

Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28630)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial...

Dell Alienware Command Center 安全漏洞

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center suffers from a no action response error condition detection vulnerabilit...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28637)

A local Denial of Service DoS and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for...

Siemens SIMATIC S7-1500 Use After Free (CVE-2020-1712)

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...

HP Integrated Lights-Out Improper Input Validatio (CVE-2022-28629)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A low privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availabilit...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28634)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and...

Security Updates for Microsoft Excel Products C2R (November 2025)

The Microsoft Excel Products are missing a security update. It is, therefore, affected by the following vulnerabilities: - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVE-2025-60727 - Untrusted pointer dereference in Microsoft Office Excel...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28627)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability...

Security Updates for Microsoft Office Products C2R (November 2025)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2025-62199, CVE-2025-62216 - Use after free in Microsoft Office Word allows an...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28640)

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated...