98 matches found
CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...
CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...
CVE-2025-55077 Tyler Technologies ERP Pro 9 SaaS application escape
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...
PT-2025-32306 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Tyler Technologies ERP Pro 9 SaaS affected versions not specified Description: The software allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment...
Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).
The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A vulnerability has been identified in Node.js, specifically...
CVE-2020-3687
Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue...
CVE-2019-18279
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019...
Security Bulletin: Multiple vulnerabilities in nodejs affect IBM Business Automation Workflow Configuration Editor (nodejs January security release)
Summary IBM Business Automation Workflow Configuration Editor repackages a nodejs runtime and multiple application level models. Vulnerabilities have been reported for the runtime and some modules.. Vulnerability Details CVEID:CVE-2025-23083 DESCRIPTION: With the aid of the diagnosticschannel...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js (CVE-2025-23085, CVE-2025-23084 & CVE-2025-22150)
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. Vulnerability Details CVEID:CVE-2025-23085 DESCRIPTION: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header wa...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in BufferedReader.readLine, which does not count null bytes when calculating the acceptable size of an input stream. An attacker can cause the application to crash by creating a large...
CVE-2024-11952
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...
CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
CVE-2025-23084
CVE-2025-23084 concerns Node.js on Windows, where drive names were not treated as special by path utilities. The available sources describe that certain Windows paths using path.join may be interpreted relative to the current directory, potentially mapping to the root instead of a relative locati...
CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
Oracle MySQL Server 8.0 - 8.0.40, 8.4 - 8.4.3, 9.0 - 9.1.0 Security Update (cpujan2025) - Windows
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
PT-2025-4814 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special ...
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
...
CVE-2024-11952
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...
CVE-2024-11952 Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...
PT-2024-17362 · WordPress · Classic Addons – Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: Classic Addons – WPBakery Page Builder plugin for WordPress versions up to, and including, 3.0 Description: The issue allows authenticated attackers with Contributor-level access and above, and permissions granted by an Administrator, to...