229 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/baselibs process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...
CVE-2025-32098
An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process...
SAMSUNG Magician Security Vulnerability
SAMSUNG Magician is an application from the South Korean company Samsung (SAMSUNG), designed to help manage Samsung SSDs. A security vulnerability exists in Samsung Magician versions 6.3 through 8.3, which stems from an insecure file deletion operation during the update process that could result in...
CVE-2025-32098
CVE-2025-32098 affects Samsung Magician (Windows) versions 6.3–8.3. The root cause is an insecure file-delete operation during the update process, which can allow an attacker to achieve elevation of privilege to SYSTEM. The CVSS v3.1 vector indicates a low attack complexity with no user interact...
PT-2025-35590
Name of the Vulnerable Software and Affected Versions: Samsung Magician versions 6.3 through 8.3. Description: An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process. Recommendations: Update Samsung Magician to a version...
CVE-2025-8650 Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability
Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
PT-2025-32059 · Kenwood · Kenwood Dmx958Xr
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR, affected versions not specified. Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices without authentication. The flaw resides within the...
PT-2025-32055 · Kenwood · Kenwood Dmx958Xr
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR, affected versions not specified. Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices without authentication. The flaw resides in the...
CVE-2024-48799
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48793
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48790
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48778
An issue in GIANT MANUFACTURING CO., LTD RideLink tw.giant.ridelink 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48770
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48772
An issue in C-CHIP com.cchip.cchipamaota v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48788
An issue in YESCAM com.yescom.YesCam.zwave 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48774
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2023-20178
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed aft...