CVE-2025-0680 New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud...

Zoom Workplace Desktop App < 6.2.10 DoS (ZSB-25005)

The version of Zoom Workplace Desktop App installed on the remote host is prior to 6.2.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25005 advisory. - Symlink following in the installer for Zoom Workplace app for macOS before 6.2.10 may allow an authenticated user to...

Advisory ROSA-SA-2025-2551

Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.6.res7 CVE-ID: CVE-2018-20685 BDU-ID: 2019-00773 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is caused by errors in the validation of the scp.c directory name in the scp clien...

CVE-2025-0227

CVE-2025-0227 affects Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). A vulnerability in the file /Logs/Annals/downLoad.html stems from manipulation of the path argument, resulting in information disclosure. The issue can be triggered remotely, and public exploit information exist...

PT-2025-32537 · Unknown +1 · Nasm Netwide Assember +1

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assember version 2.17rc0 Description: A heap-based buffer overflow exists in the macho no dead strip function within the outmacho.c file. Local access is required for exploitation. The exploit for this issue has been publicly...

Dell NativeEdge Elevation of Privilege Vulnerability

Dell NativeEdge is a software provided by Dell for managing and configuring network devices. A security vulnerability exists in Dell NativeEdge. An attacker could exploit the vulnerability to locally access the system with low privileges, resulting in elevated privileges...

CVE-2024-12926 Codezips Project Management System advanced.php sql injection

A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The...

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

CVE-2024-48990 introdution This vulnerability takes advant...

Unspecified Vulnerability in D-Link DSL6740C

The D-Link DSL6740C is a wireless router developed by D-link. The D-Link DSL6740C suffers from a security vulnerability that stems from the use of an insecure default wifi password, which can be exploited by an attacker to gain unauthorized access to the system...

Google Chrome Out-of-Bounds Write Vulnerability (CNVD-2024-44477)

Google Chrome is a web browser from Google, an American company. An out-of-bounds write vulnerability exists in versions of Google Chrome prior to 130.0.6723.92, which can be exploited by an attacker to perform out-of-bounds memory access via a crafted HTML page...

Privilege Escalation

github.com/external-secrets/external-secrets is vulnerable to privilege escalation. The vulnerability is due to improper configuration of the ClusterRole, which grants "get/list" verbs for secrets resources and "path/update" verb for validating webhook configurations. It allows an attacker to abu...

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control C2...

MGASA-2024-0234 Updated python-werkzeug packages fix security vulnerability

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

WordPress plugin Alemha watermarker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

AZL-42337 CVE-2024-1298 affecting package hvloader for versions less than 1.0.1-3

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability...

Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access

Description The plugin does not ensure that user have access to password protected post before displaying its content in a meta tag. When the "Disable Open Graph Meta Tags" settings of the plugin is disabled, view the source of a password protected post and note its content being disclosed in the...

CVE-2023-5390

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files from the controller that may expose limited information from the device. Honeywell recommends...

NVIDIA DGX Buffer Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A buffer error vulnerability exists in NVIDIA DGX A100 Servers, which originates from a heap-based buffer overflow that could be caused by a user via local access...

The vulnerability of the dropbearpwd component in the TP-Link TL-WR841N router’s microprogramming software allows a intruder to gain unauthorized access to protected information.

The vulnerability of the dropbearpwd component in the TP-Link TL-WR841N router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVE-2023-47233

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmfcfg80211detach use-after-free in the device unplugging disconnect the USB by hotplug code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to...