39 matches found
CVE-2025-13176
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL...
CVE-2025-13176 Local privilege escalation in ESET Inspect Connector for Windows
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL...
CVE-2025-13176
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL...
EUVD-2025-206582
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL...
PT-2026-5395
Name of the Vulnerable Software and Affected Versions ESET Inspect Connector versions prior to 3.0.5765 Description The ESET Inspect Connector is susceptible to a local privilege escalation. Planting a custom configuration file allows the loading of a malicious DLL. The ElConnector.exe process,...
EUVD-2024-41689
Malicious code in bioql PyPI...
EUVD-2025-4812
Malicious code in bioql PyPI...
EUVD-2023-0461
Malicious code in bioql PyPI...
CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
PT-2025-39395
Name of the Vulnerable Software and Affected Versions Rapid7 Appspider Pro versions prior to 7.5.021 Description The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...
CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS cross-site...
CVE-2025-0425
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...
CVE-2025-0425
Cordaware bestinformed Infoclient is vulnerable to local privilege escalation: a low-privileged user can change the server address to a malicious or spoofed server, enabling elevation to nt authority\system on Windows. This relies on default GUI permissions and can be mitigated by deploying a cus...
CVE-2025-0425 Local Privilege Escalation via Config Manipulation
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...
CVE-2024-45741
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...
CVE-2024-45741
CVE-2024-45741 affects Splunk Enterprise versions prior to 9.2.3 and 9.1.6, and Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205. A low-privileged user without admin/power roles can inject a malicious payload via a custom configuration file used by the api.uri parameter in th...
PT-2024-7166 · Splunk · Splunk Cloud Platform +2
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.3 and 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205 Description: A low-privileged user without the "admin" or "power" Splunk roles could create a malicious payload through ...
SUSE CVE-2016-0766
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via unspecified vectors...
UBUNTU-CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS cross-site...
PT-2023-19087 · Sanitize +3 · Sanitize +3
Name of the Vulnerable Software and Affected Versions: Sanitize versions 5.0.0 through 6.0.1 Description: Sanitize is an allowlist-based HTML and CSS sanitizer. When configured with a custom allowlist that allows noscript elements, attackers can include arbitrary HTML, resulting in cross-site...