CVE-2025-67460

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

Malwarebytes for Mac now has smarter, deeper scans

Say hello to the upgraded Malwarebytes for Mac —now with more robust protection, more control, and the same trusted defense you count on every day. We’ve given our Mac scan engine a serious intelligence boost, so it thinks faster and digs deeper. The new enhanced scan searches across more of your...

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

Genexus Protection Server 代码问题漏洞

Genexus Protection Server is a component of Genexus Uruguay that manages and enforces product software licenses. A code issue vulnerability exists in Genexus Protection Server version 9.7.2.10, which stems from the presence of unquoted service paths in the protsrvservice Windows service...

Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs

Deep Neural Networks DNNs, as valuable intellectual property, face unauthorized use. Existing protections, such as digital watermarking, are largely passive; they provide only post-hoc ownership verification and cannot actively prevent the illicit use of a stolen model. This work proposes a...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991128 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if...

CVE-2025-67646 TableProgressTracking's missing CSRF protection allows unauthorized state changes

TableProgressTracking is a MediaWiki extension to track progress against specific criterion. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the...

EUVD-2025-202429

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...

EUVD-2025-202605

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

CVE-2025-67460

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

CVE-2025-67460

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

CVE-2025-67460 Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure

Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access...

CVE-2025-67460

CVE-2025-67460 affects Zoom Rooms for Windows prior to 6.6.0. The issue is a Protection Mechanism Failure of Software Downgrade , allowing an unauthenticated user with local access to escalate privileges. The vulnerability is scoped to the Windows version; CVSS v3.1 base score is 7.8 (HIGH) with ...

CLSA-2025-1765381441 nghttp2: Fix of CVE-2024-28182

CVE-2024-28182: fix continuation frame floods via frame count limiting...

WordPress Plugin WebP Express Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...

Adobe ColdFusion 安全漏洞

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an insufficiently protected credentials...

1Panel 跨站请求伪造漏洞

1Panel is an open source Linux server operation and maintenance management panel from China's 1Panel community. A cross-site request forgery vulnerability exists in 1Panel versions 110.33 through 2.0.15, which stems from a lack of CSRF protection implemented in the panel name management feature,...

Zoom Rooms for Windows 安全漏洞

Zoom Rooms for Windows is a conference room software from Zoom USA. A security vulnerability exists in Zoom Rooms for Windows prior to version 6.6.0, which stems from a failure in the software's downgrade protection mechanism and could lead to elevation of privilege via local access by an...

WordPress Plugin SSP Debug Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin SSP Debug, which stems from...