427 matches found
EUVD-2022-26131
Malicious code in bioql PyPI...
EUVD-2024-36455
Malicious code in bioql PyPI...
EUVD-2023-24194
Malicious code in bioql PyPI...
EUVD-2024-52202
Malicious code in bioql PyPI...
EUVD-2022-26039
Malicious code in bioql PyPI...
EUVD-2022-34393
Malicious code in bioql PyPI...
EUVD-2024-50434
Malicious code in bioql PyPI...
EUVD-2022-37389
Malicious code in bioql PyPI...
EUVD-2025-22458
Malicious code in bioql PyPI...
EUVD-2024-18074
Malicious code in bioql PyPI...
npm packing does not respect root-level ignore files in workspaces
...
Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20290)
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...
CVE-2025-34151
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitization, enabling unauthenticated attackers to achieve root-level code...
CVE-2025-34151 Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The input is passed directly to system-level commands without sanitization, enabling unauthenticated attackers to achieve root-level code...
PT-2025-32045 · Kenwood · Kenwood DMX958XR
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR (affected versions not specified). Description: This issue allows attackers with physical access to execute arbitrary code on affected Kenwood DMX958XR devices. The flaw resides in the firmware update process due to insufficient...
The RemotePC remote access software is vulnerable due to insecure privilege management, which allows attackers to escalate their privileges.
The vulnerability in the RemotePC remote access software is related to insecure privilege management. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The Palo Alto Networks GlobalProtect App, software for providing secure remote access to data, is vulnerable due to a lack of measures to neutralize substitution characters or identical symbols. This allows attackers to elevate their privileges to the root level.
The vulnerability in the Palo Alto Networks GlobalProtect App, software for providing secure remote access to data, is related to the lack of measures to neutralize substitution characters or identical symbols. Exploiting this vulnerability can allow attackers to elevate their privileg...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
CVE-2024-9062
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
CVE-2024-9062
CVE-2024-9062 – macOS Archify local privilege escalation: The vulnerability affects the Archify privileged helper tool, com.oct4pie.archifyhelper, which runs as root and is exposed via XPC. The root cause is insufficient client validation by the helper, which does not verify code signatures, ent...