
21 matches found

Redos
added 2026/05/12 12:0 a.m. | 7 views

ROS-20260512-73-0016

A vulnerability in the Core component of Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain full control over the application...

CVSS 7.5 | AI score 7.1 | EPSS 0.00037
Exploits: 0

ATTACKERKB
added 2026/03/26 1:1 p.m. | 1 views

CVE-2025-55267

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server...

CVSS 5.7 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/02/13 12:0 a.m. | 68 views

CVE-2023-38960

RaidenFTPD (Raiden Professional Server) 2.4 build 4005 is affected by an insecure permissions issue that can let a local attacker gain privileges and execute arbitrary code via a crafted executable in the installation directory. Multiple connected sources corroborate the same description, includi...

CVSS 7.3 | AI score 7.6 | EPSS 0.00037
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/02/03 1:15 a.m. | 12 views

CVE-2023-31004

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765...

CVSS 9 | AI score 8.7 | EPSS 0.00133
Exploits: 1 | References: 3

Cvelist
added 2024/01/09 7:30 p.m. | 14 views

CVE-2023-7032

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object...

CVSS 7.8 | AI score 7.9 | EPSS 0.00108
Exploits: 0 | References: 1

CNVD
added 2023/11/01 12:0 a.m. | 14 views

Google Android elevation of privilege vulnerability (CNVD-2023-96077)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges...

CVSS 7.8 | AI score 7.1 | EPSS 0.00022
Exploits: 0 | References: 1

CNNVD
added 2023/10/30 12:0 a.m. | 2 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges...

CVSS 7.8 | AI score 7.3 | EPSS 0.00009
Exploits: 0 | References: 4

Veracode
added 2022/11/24 9:50 a.m. | 22 views

Information Disclosure

freerdp is vulnerable to information disclosure. The vulnerability exists due to missing path canonicalization and base path check for drive channel which allows an attacker to gain access and read files outside the shared directory...

CVSS 5.7 | AI score 5.6 | EPSS 0.00293
Exploits: 0 | References: 10 | Affected Software: 1

Github Security Blog
added 2022/05/13 1:14 a.m. | 37 views

Improper Access Control in Elasticsearch

A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the aliases, shrink, or split endpoints are used. If the elasticsearch.yml file has xpack.security.dlsfls.enabled set to false, certain permission...

CVSS 8.1 | AI score 7.5 | EPSS 0.00771
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2021/12/24 12:0 a.m. | 53 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00038
Exploits: 0 | References: 2

Cvelist
added 2021/12/21 5:55 p.m. | 13 views

CVE-2021-27453 Mesa Labs AmegaView authentication bypass

Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access...

CVSS 7.3 | AI score 9.9 | EPSS 0.00224
Exploits: 0 | References: 1

CNNVD
added 2021/12/16 12:0 a.m. | 3 views

Xylem AquaView Trust Management Issue Vulnerability

Xylem AquaView is a next-generation SCADA system from Xylem USA, Inc. to meet the needs of water and wastewater related professionals for a simpler, more personalized way to be able to monitor, control, and optimize their assets anytime, anywhere, from any device. A trust management issue...

CVSS 9.3 | AI score 7.9 | EPSS 0.00038
Exploits: 0 | References: 6

CNVD
added 2021/06/12 12:0 a.m. | 6 views

Unauthorized Access Vulnerability in SEH Print Server

SEH is a manufacturer of high quality network solutions. An unauthorized access vulnerability exists in the SEH print server, which can be exploited by attackers to obtain sensitive information...

AI score 6.8
Exploits: 0

UbuntuCve
added 2021/05/05 12:0 a.m. | 19 views

CVE-2021-31153

please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the searchpath function, the --check option, or the -d option...

CVSS 3.3 | AI score 5.9 | EPSS 0.00053
Exploits: 1 | References: 2

UbuntuCve
added 2021/05/05 12:0 a.m. | 18 views

CVE-2021-31154

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...

CVSS 7.8 | AI score 7.1 | EPSS 0.00042
Exploits: 1 | References: 2

OSV
added 2019/10/23 12:0 a.m. | 0 views

UBUNTU-CVE-2019-11765

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...

CVSS 6.5 | AI score 6.8 | EPSS 0.00307
Exploits: 0 | References: 4

CNVD
added 2019/09/06 12:0 a.m. | 1 views

Command Execution Vulnerability in Weining PACS System

The PACS system developed by Weining Health Science and Technology Group Co., Ltd. is widely used as an application system in the medical industry, mainly providing functions such as case query, image processing, and labeling measurement. A command execution vulnerability exists in the Weining PA...

AI score 8.1
Exploits: 0

Microsoft CVE
added 2018/03/13 7:0 a.m. | 24 views

Microsoft Browser Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

CVSS 4.3 | AI score 3.9 | EPSS 0.11405
Exploits: 0

CNVD
added 2016/05/23 12:0 a.m. | 1 views

Struts2 Command Execution Vulnerability in Government Network System

The Government Web System is a set of software designed to provide website building services for the government. A Struts2 command execution vulnerability exists in the GovWeb system, which can be exploited by an attacker to gain control of the website...

AI score 7
Exploits: 0 | References: 1

exploitpack
added 2006/07/06 12:0 a.m. | 39 views

Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation

Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...

AI score 1.3
Exploits: 0