Gladinet Triofox Improper Access Control (CVE-2025-12480)
Gladinet Triofox prior to version 16.7.10368.56560 is vulnerable to an Improper Access Control flaw. This vulnerability in Gladinet's Triofox versions before 16.7.10368.56560 lets unauthenticated attackers bypass authentication via a host-header spoof to...
CVE-2025-58097
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...
ABB Edgenius Management Portal
SUMMARY ABB identified a critical vulnerability present in ABB Ability Edgenius starting from version 3.2.0.0. We have not received any reports of this vulnerability being exploited. An unauthenticated attacker could exploit this vulnerability to: → install and run arbitrary code, → uninstall...
CVE-2025-40827
A vulnerability has been identified in Siemens Software Center All versions V3.5, Solid Edge SE2025 All versions V225.0 Update 10. The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system...
CVE-2025-57741
FortiClientMac has an Incorrect Permission Assignment for a Critical Resource vulnerability (CWE-732) affecting versions 7.0–7.2.11 and 7.4.0–7.4.3. The issue enables a local attacker to execute arbitrary code via LaunchDaemon hijacking due to improper resource permissions. Remediation per PT-202...
EUVD-2025-29495
Malicious code in bioql PyPI...
CVE-2025-23344
CVE-2025-23344 affects NVIDIA NVDebug tool. The vulnerability may allow an attacker to run code on the platform host as a non-privileged user, with potential for code execution, DoS, privilege escalation, information disclosure and data tampering. NVIDIA PSIRT notes affected NVIDIA NVDebug tool v...
PT-2025-34759 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor version 15.4.1 Description: The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC Transparency, Consent, and...
PT-2025-34546 · Ibm · Integrated Analytics System
Name of the Vulnerable Software and Affected Versions: IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0 Description: The software allows an authenticated user to upload files with dangerous types. If opened by another user, these files could lead to code execution. Recommendation...
CVE-2025-52094
PDQ Smart Deploy 3.0.2040 is affected by an Insecure Permissions vulnerability. The root cause is improper permissions on HKLM\SYSTEM\Setup\SmartDeploy, enabling a local attacker to execute arbitrary code. Multiple sources (e.g., PT-2025-34378) confirm the affected version but do not provide a fi...
Microsoft Excel Remote Code Execution Vulnerability
Access of resource using incompatible type 'type confusion' in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
Linux Distros Unpatched Vulnerability : CVE-2022-22756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which...
Tenable Network Monitor Security Vulnerability
Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Holdings, Inc. in the United States, mainly used for security assessment of network devices. Tenable Network Monitor suffers from an elevation of privilege vulnerability that originates from a...
PT-2025-6761 · Unknown · Usb-Convertercable Driver
Name of the Vulnerable Software and Affected Versions: USB-CONVERTERCABLE DRIVER affected versions not specified Description: A security issue has been discovered in USB-CONVERTERCABLE DRIVER, related to the insecure loading of dynamic link libraries, which could allow local attackers to...
Synology Drive Security Vulnerability
Synology Drive is a collaborative office suite from China-based Synology Inc. The product includes document management, collaborative office and file synchronization and backup features. A security vulnerability exists in Synology Drive prior to version 3.3.0-15082, which stems from the inclusion...
Microsoft SharePoint Command Injection Vulnerability
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
Microsoft SharePoint Security Vulnerability
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
Fortinet FortiManager Security Vulnerability
Fortinet FortiManager is a centralized management appliance that provides a comprehensive network security management solution. A security vulnerability exists in Fortinet FortiManager, which can be exploited by a local attacker to submit a special template request that can be used to execute...
PT-2024-20056 · Metagpt · Metagpt
Name of the Vulnerable Software and Affected Versions: MetaGPT versions 0.6.4 and earlier Description: The issue allows the QaEngineer role to execute arbitrary code because RunCode.run script passes shell metacharacters to subprocess.Popen. This enables potential exploitation, but specific detai...
postgresql: Extension scripts replace objects not belonging to the extension.
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...