89 matches found
EUVD-2025-13699
Malicious code in bioql PyPI...
EUVD-2024-34954
Malicious code in bioql PyPI...
EUVD-2024-18598
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-6083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access...
GHSA-XP75-R577-CVHP Privileged OpenBao Operator May Execute Code on the Underlying Host
Impact Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...
Privileged OpenBao Operator May Execute Code on the Underlying Host
Impact Under certain threat models, OpenBao operators with privileged API access may not be system administrators and thus normally lack the ability to update binaries or execute code on the system. Additionally, privileged API operators should be unable to perform TCP connections to arbitrary...
📄 Xorux LPAR2RRD 8.04 Denial of Service
Xorux LPAR2RRD versions 8.04 and below have an issue where an authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service Title: Xorux LPAR2RRD Read Only User Denial of...
Beamsec PhishPro 安全漏洞
Beamsec PhishPro is a phishing attack simulation and security awareness training platform from Beamsec UK. A security vulnerability exists in Beamsec PhishPro versions prior to 7.5.4.2, which stems from improper use of the Privileged API that may lead to privilege abuse...
📄 Remote for Windows 2024.15 Insecure Direct Object Reference
Remote for Windows Helper version 2024.15 contains an insecure direct object reference IDOR vulnerability. Attackers can access privileged API functions by reusing any "Allowed" client token from clients.json without authentication, leading to full system compromise. Exploit Title: Remote for...
CVE-2024-34655
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...
CVE-2024-34647
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license...
CVE-2024-20883
Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...
CVE-2024-20884
Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...
CVE-2022-39883
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...
CVE-2025-20960
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api...
CVE-2025-20960
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api...
CVE-2025-20960
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api...
CVE-2025-20960
CVE-2025-20960 affects CocktailBarService (Samsung) and is caused by improper handling of insufficient permissions in the service, enabling a local attacker to invoke the privileged API before the SMR May-2025 Release 1 patch. Connected sources confirm the issue applies to CocktailBarService vers...
CVE-2025-20960
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api...
CVE-2025-20960
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api...