GHSA-X8HC-FQV3-7GWF Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...
PT-2026-29282
Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code...
CVE-2025-12480
Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...
media: tc358743: register v4l2 async device only after successful setup
...
Cypress WICED BT Input Validation Error Vulnerability
Cypress WICED BT is a full-featured platform from Cypress. The Cypress WICED BT suffers from an input validation error vulnerability that stems from the CYW20735B1 device's Bluetooth Classic implementation via 2.9.0 in the Cypress WICED BT stack failing to correctly handle the reception of an...
HP ThinPro OS /usr/bin/hpobl elevation of privilege vulnerability
HP ThinPro OS is a thin client operating system. A vulnerability in HP ThinPro OS /usr/bin/hpobl when invoking Firefox after setup allows attackers to exploit the vulnerability to gain access to the device with root privileges...