159 matches found
CVE-2025-20953
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN...
New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered ...
PT-2025-15676
Name of the Vulnerable Software and Affected Versions: Mdecservice versions prior to SMR Apr-2025 Release 1 Description: The issue is related to improper access control, allowing local attackers to access arbitrary files with system privilege. Recommendations: For versions prior to SMR Apr-2025...
CVE-2025-20946
CVE-2025-20946 affects Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1. The root cause is improper handling of exceptional conditions in the Bluetooth pairing flow, enabling local attackers to pair with specific Bluetooth devices without user interaction. Documented impact aligns w...
CVE-2025-20934
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege...
PT-2025-15342
Name of the Vulnerable Software and Affected Versions: InputManager version SMR Apr-2025 Release 1 Description: The issue is related to improper access control in InputManager, allowing local attackers to access the scancode of a specific input device. Recommendations: For InputManager version SM...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...
CVE-2025-20930
Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory...
Linux Distros Unpatched Vulnerability : CVE-2011-3632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. CVE-2011-363...
CVE-2021-31420
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
PT-2025-25547 · Assimp +1 · Assimp +1
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp versions up to 5.4.3 Description: A critical vulnerability has been found in the Open Asset Import Library Assimp. The issue affects the function Assimp::BVHLoader::ReadNodeChannels in the library...
PT-2024-19130 · Amd · Amd Ryzen Ai Software Npu Driver
Name of the Vulnerable Software and Affected Versions: AMD Ryzen AI Software NPU Driver affected versions not specified Description: The issue is related to improper input validation in the NPU driver, which could allow an attacker to supply a specially crafted pointer, potentially leading to...
PT-2024-19852 · Qualcomm · Qualcomm Snapdragon Compute
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Compute up to WSA8845H EVA driver affected versions not specified Description: The issue is related to memory corruption that occurs when a user invokes an IOCTL command from user-space and modifies the original packet siz...
PT-2024-6053
Name of the Vulnerable Software and Affected Versions Microsoft Windows Installer affected versions not specified Description The Windows Installer component contains a flaw in access control management. Successful exploitation of this issue could allow an attacker to elevate privileges to the...
CVE-2024-6040
In parisneo/lollms-webui version v9.8, the lollmsbindinginfos is missing the clientid parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reloadbinding, /installbinding, /reinstallbinding, /unInstallbinding, /setactivebindingsettings, and /updatebindingsettin...
CVE-2024-6040 Missing client_id in parisneo/lollms-webui
In parisneo/lollms-webui version v9.8, the lollmsbindinginfos is missing the clientid parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reloadbinding, /installbinding, /reinstallbinding, /unInstallbinding, /setactivebindingsettings, and /updatebindingsettin...
CVE-2024-6040
CVE-2024-6040 affects parisneo/lollms-webui v9.8 where lollms_binding_infos lacks the client_id parameter. The endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are vulnerable to CSRF and local attacks, ...
CVE-2024-6040 Missing client_id in parisneo/lollms-webui
In parisneo/lollms-webui version v9.8, the lollmsbindinginfos is missing the clientid parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reloadbinding, /installbinding, /reinstallbinding, /unInstallbinding, /setactivebindingsettings, and /updatebindingsettin...
LoLLMs 安全漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version v9.8 that stems from vulnerability to CSRF attacks and local attacks, which can be exploited by an attacker to perform unauthorized actions on...
RHEL 7 : libvirt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvirt: TLS certificate verification disabled for clients CVE-2017-1000256 - The LXC driver...