108 matches found
Ollama 路径遍历漏洞
Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have a path traversal vulnerability. This vulnerability stems from the improper handling of HTTP response headers in the...
CVE-2026-1995
IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...
CVE-2026-1995 IDrive Cloud Backup Client for Windows contains a privilege escalation vulnerability
IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...
CVE-2026-1995
IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...
CVE-2026-1995 IDrive Cloud Backup Client for Windows contains a privilege escalation vulnerability
IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...
IDrive 安全漏洞
IDrive is a cloud backup and cloud storage service solution provided by the American company IDrive. There is a security vulnerability in IDrive, which stems from the idservice.exe process using privileged access to read files. This vulnerability could allow attackers to specify any executable pa...
CVE-2026-2999
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...
CVE-2026-26959 ADB Explorer Vulnerable to RCE via Insufficient Input Validation
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with the privileges of the current user. An attacker can...
CVE-2025-59094
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...
CVE-2025-59094 Local Privilege Escalation in dormakaba Kaba exos 9300 System management
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...
CVE-2025-59094
CVE-2025-59094 concerns the Kaba exos 9300 System management application (d9sysdef.exe). The issue is a local privilege escalation that allows an attacker to specify an arbitrary executable and the weekday/start time for it to run with SYSTEM privileges. The cited sources describe the vulnerabili...
CVE-2025-59094
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...
EUVD-2025-206356
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...
CVE-2025-59094 Local Privilege Escalation in dormakaba Kaba exos 9300 System management
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...
VulnCheck KEV: CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
EUVD-2025-204434
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...
CVE-2025-11774
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...
CVE-2025-11774 Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...
CVE-2025-11774 Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the software keyboard function hereinafter referred to as "keypad function" of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...
CVE-2025-11774
CVE-2025-11774 affects Mitsubishi Electric GENESIS64 family, ICONICS Suite/MobileHMI/MC Works64 (versions up to 10.97.2 CFR3 and prior). The issue is an OS Command Injection via the software keypad function, caused by improper neutralization of special elements. A local attacker can cause executi...