68 matches found
VulnCheck KEV: CVE-2025-24354
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
PT-2025-44328
Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103 Description A flaw in access control on Dataphone A920 version 2025.07.161103 allows unauthorized interaction with the device. A service running on port 8888 is exposed on the local network without requiri...
PT-2025-43494
In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2025-61035
The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink...
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally...
EUVD-2021-3594
Malicious code in bioql PyPI...
EUVD-2023-54043
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-9245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure...
Linux Distros Unpatched Vulnerability : CVE-2021-0938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In memzeroexplicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosur...
Linux Distros Unpatched Vulnerability : CVE-2020-26978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on t...
CVE-2025-35941 mySCADA PRO Manager Password Disclosure
A password is exposed locally...
mySCADA PRO Manager 安全漏洞
mySCADA PRO Manager is a monitoring and control software for industrial processes from the Czech company mySCADA. A security vulnerability exists in mySCADA PRO Manager that stems from a local exposure of passwords...
CVE-2023-21335
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-32645
In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477...
CVE-2020-0274
In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925...
CVE-2025-20665
In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760...
SUSE CVE-2025-24354
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
CVE-2024-43084
In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-29689 · Atos · Atos Eviden Icare
Name of the Vulnerable Software and Affected Versions: Atos Eviden iCare versions 2.7.1 through 2.7.11 Description: The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with syst...
Ollama 安全漏洞
Ollama is a large language model from the Ollama open source that can be started and run locally. A security vulnerability exists in Ollama versions prior to 0.1.47, which stems from the extractFromZipFile function being able to extract ZIP archive members outside of the parent directory...