
33 matches found

RedhatCVE
added 2026/01/09 9:17 a.m., 2 views

CVE-2025-23416

Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

CVSS 6.9, AI score 7.3, EPSS 0.00454
Exploits 0, References 1

RedhatCVE
added 2025/12/22 7:21 a.m., 3 views

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVSS 6.9, AI score 7.1, EPSS 0.00293
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-6171

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.6, EPSS 0.00454
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-48899

Malicious code in bioql PyPI...

CVSS 3.1, AI score 6.6, EPSS 0.0002
Exploits 0, References 1

Positive Technologies
added 2025/09/19 12:0 a.m., 2 views

PT-2025-38604

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan AV (affected versions not specified). Description: The update mechanism in MicroWorld eScan AV lacked proper cryptographic verification of update packages. This allowed an attacker to perform a man-in-the-middle (MitM) attack and...

CVSS 9.3, AI score 7.5, EPSS 0.00268
Exploits 0, References 11

Positive Technologies
added 2025/08/08 12:0 a.m., 3 views

PT-2025-112: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript into web pages, resulting in execution of malicious code in the victim’s browser. Vulnerability status: Confirmed by vendor. Date of...

CVSS 6.1, AI score 6.1
Exploits 0, References 2

Positive Technologies
added 2025/07/30 12:0 a.m., 4 views

PT-2025-93: Local Privilege Escalation in RemotePC

The vulnerability was identified in RemotePC, version 7.7.38. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 30.07.2025. Recommendations: Update to version 7.7.38 or...

CVSS 7, AI score 5.8
Exploits 0, References 1

Positive Technologies
added 2025/07/19 12:0 a.m., 3 views

PT-2025-102: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize unsafe data, gain control over application objects and impair its operation. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 19.07.2025...

CVSS 7, AI score 5.8
Exploits 0, References 2

RedhatCVE
added 2025/05/23 8:25 a.m., 8 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

CVSS 3.1, AI score 6.7, EPSS 0.0002
Exploits 0, References 1

Positive Technologies
added 2025/05/23 12:0 a.m., 3 views

PT-2025-47: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...

CVSS 5.3, AI score 5.8, EPSS 0.00189
Exploits 1, References 1

Positive Technologies
added 2025/05/23 12:0 a.m., 3 views

PT-2025-54: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...

CVSS 7, AI score 5.8, EPSS 0.00113
Exploits 1, References 1

Positive Technologies
added 2025/05/23 12:0 a.m., 4 views

PT-2025-50: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed ...

CVSS 8.8, AI score 5.8, EPSS 0.00144
Exploits 1, References 1

Positive Technologies
added 2025/05/23 12:0 a.m., 4 views

PT-2025-60: Stored Cross-site scripting in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that are later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...

CVSS 6.1, AI score 5.8, EPSS 0.00153
Exploits 1, References 1

RedhatCVE
added 2025/05/22 11:24 p.m., 3 views

CVE-2022-3990

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation...

CVSS 7.8, AI score 7.7, EPSS 0.00029
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:49 p.m., 4 views

CVE-2022-38396

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 o...

CVSS 7.8, AI score 7.4, EPSS 0.00568
Exploits 0, References 1

Positive Technologies
added 2025/04/22 12:0 a.m., 5 views

PT-2025-35: Local Privilege Escalation (LPE) in Tunnelblick

The vulnerability was identified in Tunnelblick, versions 3.5beta06 to 6.1beta2. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 22.04.2025. Recommendations: Update to...

CVSS 8.1, AI score 5.8, EPSS 0.00068
Exploits 0, References 3

Positive Technologies
added 2025/04/20 12:0 a.m., 6 views

PT-2025-08: Deserialization of untrusted data in TCPDF

This library has a class containing a POP (Property Oriented Programming) chain. When deserializing this class with certain values of some fields, an attacker can delete an arbitrary file from the system. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 20.04.2025...

CVSS 8.8, AI score 7.3
Exploits 0, References 1

NVD
added 2025/03/05 4:15 p.m., 7 views

CVE-2025-23416

Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

CVSS 6.9, EPSS 0.00454
Exploits 0, References 4

RedhatCVE
added 2025/02/28 12:25 a.m., 6 views

CVE-2024-50693

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model...

CVSS 9.1, AI score 6.8, EPSS 0.00132
Exploits 0, References 3

OSV
added 2025/02/26 9:15 p.m., 0 views

CVE-2024-50685

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the powerStationService API model...

CVSS 9.1, AI score 5.8
Exploits 0, References 1