96 matches found
CVE-2025-31702
A vulnerability exists in certain Dahua embedded products. A third-party malicious attacker who has obtained normal user credentials could exploit the vulnerability to access certain data that is restricted to admin privileges, such as system-sensitive files, through a specific HTTP request. This may...
EUVD-2018-18709
Malware in sbrugna...
EUVD-2018-18710
Malware in sbrugna...
EUVD-2022-15863
Malicious code in bioql PyPI...
Calix GigaCenter ONT Series Security Vulnerability
Calix GigaCenter ONT Series is a series of optical network terminals from Calix USA. A security vulnerability exists in the Calix GigaCenter ONT Series that originates from a common user being able to abuse elevated privileges. The following products and versions are affected: GigaCenter ONT 844E...
CVE-2020-3974
VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...
CVE-2025-43862
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
dify Security Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from the fact that a normal user can enable or disable the app via the API...
PRIMX ZED Security Vulnerability
PRIMX ZED is a suite of sensitive data encryption software from PRIMX Corporation. A security vulnerability exists in PRIMX ZED Enterprise version 2024.3 and prior versions. An attacker could exploit the vulnerability to manipulate technical files stored in a local folder with normal user access...
CVE-2024-39947
A vulnerability has been found in Dahua products. After obtaining an ordinary user's username and password, the attacker can send a carefully crafted data packet to the vulnerable interface, causing the device to crash...
kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup()
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during...
RWS WorldServer Security Vulnerability
RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer versions prior to 11.7.3, which stems from the fact that a normal user can create a user with the role of administrator via UserWSUserManager...
ASUS RT-AX88U Cross-Site Scripting Vulnerability (CNVD-2023-63441)
The ASUS RT-AX88U is a wireless router from Asus China. The ASUS RT-AX88U suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Custom User Icons feature, which can be exploited by an attacker to perform a store...
Qatanna POS Software 1.0 Blind SQL Injection
Exploit Title: Qatanna POS Software 1.0 - Blind SQL Injection Exploit Date: May 07, 2023. CVSS 3.1: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Application Name: Qatanna POS Software Application Version: 1.0 Link: https://www.codester.com/items/42053/qatanna-pos-software...
SUSE CVE-2023-3397
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...
ASUS RT-AC86U OS Command Injection Vulnerability
The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from an operating system command injection vulnerability that originates from not filtering the special characters of parameters in specific URLs, which can be exploited by a remote attacker wit...
ASUS RT-AC86U OS Command Injection Vulnerability
The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from an operating system command injection vulnerability that originates from not filtering the special characters of parameters in specific URLs, which can be exploited by a remote attacker wit...