33 matches found

Vulnrichment
added 2026/05/21 8:12 a.m., 4 views

CVE-2026-4858 Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows a malicious authenticated user to call an arbitrary API via system admin Mattermost auth token via path traversal in integration action...

CVSS 8, AI score 5.9, EPSS 0.00046
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-12252

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.00032
Exploits 1, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-2454

Malware in sbrugna...

CVSS 10, AI score 9.5, EPSS 0.00355
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-24963

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.5, EPSS 0.00227
Exploits 0, References 8
RedhatCVE
added 2025/05/22 9:36 p.m., 4 views

CVE-2021-25356

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...

CVSS 8.8, AI score 7, EPSS 0.00032
Exploits 1, References 1
RedhatCVE
added 2025/05/22 9:10 a.m., 3 views

CVE-2018-10381

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...

CVSS 10, AI score 7.8, EPSS 0.00355
Exploits 0, References 1
CVE
added 2025/02/04 7:19 a.m., 60 views

CVE-2025-20895

The CVE-2025-20895 affects Samsung Galaxy Store prior to 4.5.87.6. The issue permits authentication bypass via an alternate path in Galaxy Store, enabling a physical attacker to install arbitrary apps and bypass Setupwizard restrictions. Affected: Galaxy Store versions before 4.5.87.6. Root cause...

CVSS 4.6, AI score 7.1, EPSS 0.00037
Exploits 0, References 1, Affected Software 1
NVD
added 2024/06/05 3:15 p.m., 22 views

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory...

CVSS 8.1, AI score 4.7, EPSS 0.0017
Exploits 0, References 3
OSV
added 2021/09/01 12:0 a.m., 39 views

ASB-A-188554048

In the SELinux policy configured in systemapp.te, there is a possible way for systemapp to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...

CVSS 6.7, AI score 7, EPSS 0.00034
Exploits 0, References 2
NVD
added 2021/04/09 6:15 p.m., 8 views

CVE-2021-25356

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...

CVSS 8.8, EPSS 0.00032
Exploits 1, References 3
Prion
added 2021/04/09 6:15 p.m., 10 views

Input validation

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...

CVSS 7.2, AI score 8.5, EPSS 0.00032
Exploits 1, References 3, Affected Software 1
CVE
added 2021/04/09 5:29 p.m., 70 views

CVE-2021-25356

CVE-2021-25356 pertains to Samsung’s Managed Provisioning. An improper caller check prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permissions, and subsequently delete multiple installed apps. The issue’s root cause is an i...

CVSS 8.8, AI score 8.6, EPSS 0.00032
Exploits 1, References 3, Affected Software 1
Zero Day Initiative
added 2020/05/28 12:0 a.m., 30 views

(Pwn2Own) Apple Safari Symbolic Link Arbitrary Application Execution Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of symboli...

CVSS 5.3, AI score 3.5, EPSS 0.25648
Exploits 3, References 1
RedhatCVE
added 2020/03/29 8:4 p.m., 34 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact...

CVSS 4.3, AI score 5.2, EPSS 0.0061
Exploits 0, References 4
OSV
added 2020/03/02 5:15 a.m., 0 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact...

CVSS 4.3, AI score 7
Exploits 0, References 5
UbuntuCve
added 2020/03/02 5:15 a.m., 30 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact...

CVSS 4.3, AI score 6.9, EPSS 0.0061
Exploits 0, References 4
Debian CVE
added 2020/03/02 4:5 a.m., 27 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact...

CVSS 4.3, AI score 7.3, EPSS 0.0061
Exploits 0
AlpineLinux
added 2020/03/02 4:5 a.m., 45 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact...

CVSS 4.3, AI score 5.9, EPSS 0.0061
Exploits 0
CVE
added 2020/03/02 4:5 a.m., 308 views

CVE-2020-6797

CVE-2020-6797 describes a macOS-specific issue where downloading a file with the .fileloc extension could cause a semi-privileged extension to launch an arbitrary application on the user’s Mac. The attacker is constrained by the ability to download only quarantined files and cannot pass command-l...

CVSS 4.3, AI score 5.5, EPSS 0.0061
Exploits 0, References 5, Affected Software 3
Cvelist
added 2020/03/02 4:5 a.m., 27 views

CVE-2020-6797

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact...

AI score 5.7, EPSS 0.0061
Exploits 0, References 5