CVE-2025-65199 Windscribe for Linux 'changeMTU' local privilege escalation

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

EUVD-2015-6561

Malware in sbrugna...

CVE-2025-29627

CVE-2025-29627 affects KeeperChat iOS App, v5.8.8, with a vulnerability in the Biometric Authentication Module that could allow a physically proximate attacker to escalate privileges. The public records describe the affected component as KeeperChat IOS Application and point to privilege escalatio...

CVE-2021-0694

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and Apple iPadOS, which arises from the possibility of an...

Apple macOS Sonoma Security Vulnerability

Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.4, which stems from an application that may be able to elevate privileges...

UNISOC Chipsets Security Vulnerability

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking in the omacp service, with a possible method to write a record of an application's privilege usage...

CVE-2022-29823

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution RCE with privileges of application...

CVE-2022-29823

Feather-Sequelize’s cleanQuery method is the affected component. The vulnerability stems from insecure recursive filtering of query keys, enabling Remote Code Execution with the application’s privileges. The CVE-2022-29823 entry is supported by multiple sources (e.g., GHSA/Veracode/CVE lists) des...

Integer overflow

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to elevat...

Buffer overflow

Multiple buffer overflow vulnerabilities exist when LeviStudioU Version 2019-09-21 and prior processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application...

CVE-2020-13555

Advantech WebAccess/SCADA 9.0.1 is affected by several local privilege escalation vulnerabilities (CVE-2020-13555, CVE-2020-13552, CVE-2020-13553, CVE-2020-13554) as detailed in TALOS-2020-1169. The issues arise from weak permissions and misconfigurations that enable an unprivileged or moderately...

Code Injection

SquirrelMail is vulnerable to code injection. With registerglobals enabled, an attacker could inject arbitrary code via custom preference handles in prefs.php and may cause the code to be executed with application privilege...

CVE-2018-19027

Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application...

CVE-2018-19011

CX-Supervisor Versions 3.42 and prior can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application...

CVE-2015-1528

Integer overflow in the nativehandlecreate function in libcutils/nativehandle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service Binder heap memory corruption via a crafted application, aka internal bug 19334482...

ESET application privilege escalation

Privilege escalation via EpFwNdis.sys driver...

Moodle Remote Command Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit4 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp...

et-chat - Privilege Escalation Arbitrary File Upload

et-chat - Privilege Escalation Arbitrary File Upload source: https://www.securityfocus.com/bid/60660/info et-chat is prone to a privilege-escalation vulnerability and an arbitrary shell-upload vulnerability. An attacker can exploit these issues to gain elevated privileges within the application a...

Scientific Linux Security Update : libxslt on SL3.x, SL4.x, SL5.x i386/x86_64

Anthony de Almeida Lopes reported the libxslt library did not properly process long 'transformation match' conditions in the XSL stylesheet files. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the applicatio...