38 matches found
CVE-2026-27211
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.222.b10-0.el7 (AXSA:2019-3939:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3939:04 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745) OpenJDK: Insufficient checks of suppressed...
CVE-2025-65105 Apptainer ineffective application of selinux and apparmor --security options
Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little-used --security option, in particular the forms --security=apparmor: and --security=selinux: which otherwise put restrictions on operations that containers...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container. An attacker can gain unauthorized write access to sensitive files within the container environment by...
Apple macOS Security Vulnerability
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient privilege restriction vulnerability that can be exploited by an attacker to cause the disclosure of sensitive user data...
WSO2 Enterprise Integrator Security Vulnerability
WSO2 Enterprise Integrator is an open source hybrid integration platform from WSO2, Inc. in the United States. The platform supports communication between multiple applications. A security vulnerability exists in WSO2 Enterprise Integrator that stems from insufficient privilege restrictions in th...
EUVD-2017-17149
Malware in sbrugna...
EUVD-2022-31226
Malicious code in bioql PyPI...
CVE-2020-25062
An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020)...
Apple macOS Security Vulnerability
Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that stems from insufficient privilege restrictions and could result in an application gaining root privileges...
Citrix Systems Secure Access Security Vulnerability
Citrix Systems Secure Access is a secure access solution from Citrix Systems USA. A security vulnerability exists in Citrix Systems Secure Access that stems from improperly restricting application privileges. An attacker could read or modify sensitive data by exploiting the vulnerability...
PT-2024-15029 · WordPress · Product Enquiry For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Enquiry for WooCommerce WordPress plugin versions prior to 3.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly...
D-Link DIR-820L Security Vulnerability
The D-Link DIR-820L is a dual-band wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-820L that stems from incorrect privilege restrictions...
MinIO Security Vulnerability
MinIO is an open source object storage server from US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. A security vulnerability exists in versions prior to MinIO RELEASE.2023-03-13T19-46-17Z, which stems from improper...
SUSE CVE-2013-0887
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors...
Nextcloud Android app information leakage vulnerability
Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. Nextcloud Android app versions prior to 3.19.0 are vulnerable to an information disclosure vulnerability that stems from insufficient privilege restrictions. An attacker...
Nextcloud Android app information disclosure vulnerability
Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. Nextcloud Android app versions prior to 3.19.0 are vulnerable to an information disclosure vulnerability that stems from insufficient privilege restrictions. An attacker...
Design/Logic Flaw
aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
CVE-2022-26676 aEnrich a+HRD - Broken Access Control
aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
PT-2022-13147 · WordPress · Interactive Medical Drawing Of Human Body
Name of the Vulnerable Software and Affected Versions: Interactive Medical Drawing of Human Body WordPress plugin versions prior to 2.6 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the Link field, even...