CVE-2025-40538

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

EUVD-2025-207543

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

EUVD-2025-207544

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

SolarWinds Serv-U 15.5.4 Multiple Vulnerabilities

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the solarwindsserv-u1554 advisory. - An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a...

PT-2026-21667

Name of the Vulnerable Software and Affected Versions Serv-U versions prior to 15.5.4 Serv-U 15.5 Description A broken access control issue exists in Serv-U, potentially allowing a malicious actor with administrative privileges to create a system administrator user and execute arbitrary code with...

XenServer Security Update for CVE-2025-58151 and CVE-2026-23553

Severity:Medium Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to become slow or unresponsive to management operations. This issue has the following identifier: CVE-2025-58151 A further issue has been identified ...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

PT-2026-2454

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

CVE-2023-45584

A double free vulnerability CWE-415 vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0...

CVE-2021-27241

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 Build 20.8.5653.561. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...

CVE-2021-31431

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

CVE-2020-17401

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

CVE-2020-17399

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2025-14492

RealDefense SUPERAntiSpyware contains a local privilege escalation in the SAS Core Service due to an exposed dangerous function. The flaw allows an attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code on affected installations. CVSS v3.0 metrics indicate local...

Lenovo App Store和Lenovo Browser 安全漏洞

Lenovo App Store and Lenovo Browser are both products of the Chinese company Lenovo.Lenovo App Store is a desktop application.Lenovo Browser is a browser. Lenovo App Store is a desktop application.Lenovo Browser is a browser used to locate, retrieve, and display content on the World Wide Web. A...

CVE-2025-12026

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including...

CVE-2025-23299

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code...

EUVD-2025-32891

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...