16 matches found
CVE-2026-0438
A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...
EUVD-2024-18715
Malicious code in bioql PyPI...
EUVD-2023-30150
Malicious code in bioql PyPI...
CVE-2025-40770
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks...
(0Day) Microsoft Edge PDF NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of lin...
CVE-2025-41698 Draeger: ICMHelper is vulnerable to a privilege escalation due to missing authorization
A low privileged local attacker can interact with the affected service although user-interaction should not be allowed...
PT-2025-31918 · Drager · Draeger Icmhelper
Name of the Vulnerable Software and Affected Versions: Draeger ICMHelper (affected versions not specified). Description: A low-privileged local attacker can interact with the affected service, despite the intended restriction of user interaction. This issue poses a high-severity risk to healthcare a...
CVE-2025-7293
IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
PT-2025-16466 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.14. Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Application Object Library. Successful attacks require human interaction...
CVE-2025-27176
CVE-2025-27176 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) that could crash the app and cause a denial-of-service. The issue requires user interaction (victim must open a malicious file). Connected sources corroborate the vulnerability in InDesign...
CVE-2025-1691 MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection, where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
SUSE CVE-2018-3088
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
CVE-2021-26991
Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager...
CVE-2018-11347
The YunoHost 2.7.2 through 2.7.14 web application is affected by an HTTP Response Header Injection. This flaw allows an attacker to inject one or several HTTP headers into the response from the server. It requires interaction with the user, to whom the attacker must send the malicious link. It could be used to...
CVE-2017-10409
Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
Nokia Electronic Documentation 5.0 - Connection redirection
Source: https://www.securityfocus.com/bid/8625/info. A vulnerability has been discovered in Nokia Electronic Documentation (NED) that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to th...