24 matches found
Confluence Server - Remote Code Execution
Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...
EUVD-2026-23793
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2025-11547
AXIS Camera Station Pro contained a flaw that allowed a non-admin user to perform a privilege escalation attack on the server...
CVE-2026-23704
A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well...
CVE-2024-39708
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory used by .NET Shadow Copies such that privilege escalation can occur if the co...
CVE-2025-1910 WatchGuard Mobile VPN with SSL Local Privilege Escalation via Update Package
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed. This issue affects the Mobile VPN with SSL Client 12.0 up to and includi...
CVE-2025-1910
CVE-2025-1910 affects WatchGuard Mobile VPN with SSL Client for Windows (versions 12.0–12.11.2). A locally authenticated, non-administrative user can escalate to NT AUTHORITY/SYSTEM on the host running the VPN client. The issue is confirmed across multiple sources; remediation guidance from PT-20...
EUVD-2017-5546
Malware in sbrugna...
EUVD-2025-25895
Malicious code in bioql PyPI...
Joplin Security Vulnerability
Joplin is an open source note-taking and to-do list application by Laurent Cozic, an individual developer. A security vulnerability exists in Joplin versions prior to 3.3.3, which stems from an API endpoint that can be exploited by a non-administrative user to set the isadmin field, potentially...
Privilege escalation
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
EFACEC UC 500 Security Vulnerability
EFACEC UC 500 is a solution from EFACEC Portugal that provides an integrated and flexible communication gateway, automation platform and HMI solution for utility and industrial applications. A security vulnerability exists in the EFACEC UC 500 that originates from the fact that a user without...
CVE-2023-39253
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system...
CVE-2022-32536 Privilege Escalation
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights...
CVE-2022-22977
VMware Tools for Windows 12.0.0, 11.x.y and 10.x.y contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or...
Atlassian Confluence Webwork OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be access...
CVE-2021-23881
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator...
Cross site scripting
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator...
Micro Focus Operations Bridge Reporter Authorization Bypass Vulnerability
Micro Focus Operations Bridge Reporter is an IT reporting software that provides resource, incident, and response time reports across server, network, and application environments. An authorization bypass vulnerability exists in Micro Focus Operations Bridge Reporter version 10.40 and earlier. A...