17 matches found
PT-2026-40140
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...
EUVD-2025-93420
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally...
EUVD-2024-38953
Malicious code in bioql PyPI...
EUVD-2025-4896
Malicious code in bioql PyPI...
EUVD-2025-6200
Malicious code in bioql PyPI...
Google Android elevation of privilege vulnerability (CNVD-2025-23046)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by background activity that may be initiated as a result of logic errors in multiple functions of LocationProviderManager.java. An attacker...
CVE-2025-40751
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.3. Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credential...
CVE-2024-40461
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component...
CVE-2025-28407
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId...
CVE-2025-22458
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System...
CVE-2025-28405
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method...
CVE-2025-28408
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/deptId endpoint, which does not properly validate the deptId parameter...
CVE-2025-28411
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave...
Google Pixel security vulnerability
Google Pixel is a smartphone from Google USA. Google Pixel has a security vulnerability that stems from allowing code execution via heap buffer overflow. An attacker can escalate privileges by exploiting the vulnerability...
CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv, displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku...
CVE-2024-22983
The CVE-2024-22983 entry describes a SQL injection vulnerability in Projectworlds Visitor Management System v1.0 (PHP). The flaw allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Red Hat, NVD, CNNVD, CVE records corroborate the vulnerability detail...
MGASA-2021-0049 Updated crmsh packages fix security vulnerability
The crm configure and hbreport commands failed to sanitize sensitive information by default bsc1163581. An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm histor...