
48 matches found

Vulnrichment
added 2026/05/21 8:12 a.m. · 3 views

CVE-2026-4858 Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check the integration URL for path traversal, which allows a malicious authenticated user to call an arbitrary API via the system admin Mattermost auth token using path traversal in integration action...

CVSS 8 · AI score 5.9 · EPSS 0.00046
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-13760

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.0005
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2017-15311

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.00058
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-35767

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.01894
Exploits 1 · References 2
RedhatCVE
added 2025/05/22 3:27 a.m. · 4 views

CVE-2018-21068

An issue was discovered on Samsung mobile devices with O8.0 software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 July 2018...

CVSS 6.2 · AI score 7.2 · EPSS 0.00018
Exploits 0 · References 1
CNNVD
added 2023/08/08 12:0 a.m. · 1 view

SAP PowerDesigner code injection vulnerability

SAP PowerDesigner is a database design software from SAP Germany. SAP PowerDesigner suffers from a code injection vulnerability that originates when an attacker with local access to the system places a malicious library that can be executed by the application. No details of the vulnerability are...

CVSS 7.8 · AI score 7.1 · EPSS 0.00072
Exploits 0 · References 4
Prion
added 2023/07/20 6:15 p.m. · 9 views

Path traversal

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

CVSS 4.6 · AI score 7.5 · EPSS 0.01894
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/07/20 12:0 a.m. · 1 view

PT-2023-23343 · Steelseries · Steelseries Gg

Name of the Vulnerable Software and Affected Versions: SteelSeries GG version 36.0.0 Description: The issue allows attackers to exploit an open API listener to create a sub-application that will be executed automatically from a controlled location, due to a path traversal vulnerability...

CVSS 7.5 · AI score 7.5 · EPSS 0.01894
Exploits 1 · References 4
Citrix
added 2022/06/22 12:0 a.m. · 3 views

WEM deletes registry set by a GPO

An administrator restricted execution of some applications, say PowerShell or Command Prompt, through Group Policy, which sets the following registry key, and WEM deletes it. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun...

AI score 7.4
Exploits 0
CNVD
added 2021/11/13 12:0 a.m. · 16 views

Keybase path traversal vulnerability

Keybase is a PGP technology-based social networking platform that supports end-to-end encryption. Keybase Client for Windows prior to version 5.7.0 is vulnerable to a path traversal vulnerability that stems from a networked system or product failing to properly filter special elements in a resourc...

CVSS 9 · AI score 3 · EPSS 0.00329
Exploits 0 · References 1
NVD
added 2020/11/16 9:15 p.m. · 15 views

CVE-2020-27484

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...

CVSS 9.9 · AI score 9.6 · EPSS 0.00932
Exploits 1 · References 1
Prion
added 2020/06/16 8:15 p.m. · 16 views

Path traversal

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause arbitrary application execution when the computer starts...

CVSS 7.5 · AI score 9.3 · EPSS 0.01486
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2020/06/09 12:0 a.m. · 27 views

CVE-2020-1241

A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. The update addresses the vulnerability by...

CVSS 7.8 · AI score 8 · EPSS 0.06984
Exploits 0 · References 2
CVE
added 2020/06/04 4:17 p.m. · 51 views

CVE-2018-21244

Foxit PhantomPDF up to version 8.3.5 contains a vulnerability where an embedded executable in a PDF portfolio can lead to arbitrary code execution (FG-VD-18-029). Root cause is an improper handling of embedded executables within portfolios, enabling remote exploitation via crafted PDFs. Affected ...

CVSS 9.8 · AI score 9.3 · EPSS 0.0005
Exploits 0 · References 1 · Affected Software 1
Zero Day Initiative
added 2020/05/28 12:0 a.m. · 30 views

(Pwn2Own) Apple Safari Symbolic Link Arbitrary Application Execution Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of symboli...

CVSS 5.3 · AI score 3.5 · EPSS 0.25648
Exploits 3 · References 1
UbuntuCve
added 2019/12/22 8:15 p.m. · 39 views

CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used e.g., with Kubernetes, allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. In other words, althoug...

CVSS 5.5 · AI score 6.8 · EPSS 0.00106
Exploits 1 · References 8
RedhatCVE
added 2019/10/10 10:13 p.m. · 34 views

CVE-2017-7777

The use of uninitialized memory related to "graphite2::GlyphCache::Loader::read_glyph" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways...

CVSS 7.5 · AI score 5.6 · EPSS 0.01434
Exploits 1 · References 2
OSV
added 2019/08/14 2:15 p.m. · 1 view

CVE-2019-0343

SAP Commerce Cloud Mediaconversion Extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application...

CVSS 8.8 · AI score 5.8 · EPSS 0.00485
Exploits 0 · References 2
Cvelist
added 2019/01/16 2:0 p.m. · 11 views

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...

AI score 8.1 · EPSS 0.74255
Exploits 8 · References 3
UbuntuCve
added 2019/01/09 11:29 p.m. · 15 views

CVE-2018-20681

mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices such as additionally attached graphical outputs via HDMI, VGA, DVI, etc...

CVSS 6.1 · AI score 6.4 · EPSS 0.0016
Exploits 1 · References 5