156 matches found
CVE-2024-13917
An application "com.pri.applock", which is pre-loaded on Kruger smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...
CVE-2024-47485
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...
CVE-2023-36922
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
CVE-2021-37670
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...
CVE-2018-17014
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for ipmacbind name...
CVE-2025-43564
Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...
CVE-2025-43563
CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...
CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...
IBM Sterling Control Center Cross-Site Scripting Vulnerability (CNVD-2025-09285)
IBM Sterling Control Center is an application system from International Business Machines IBM. A centralized monitoring and management system. IBM Sterling Control Center suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
Adobe XMP Toolkit Buffer Overflow Vulnerability
Adobe XMP Toolkit is a toolkit from the American company Audobee Adobe. Adobe XMP Toolkit suffers from a buffer overflow vulnerability that originates from mishandling a malicious user-supplied file, causing the program to read memory data outside of boundaries, which can be exploited by an...
CVE-2025-3287 Local Code Execution Vulnerability in Arena®
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...
Yonyou UFIDA ERP-NC /help/systop.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability, whi...
CVE-2025-30765 WordPress FlexStock plugin <= 3.13.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPPOOL FlexStock stock-sync-with-google-sheet-for-woocommerce allows Blind SQL Injection.This issue affects FlexStock: from n/a through = 3.13.1...
PT-2025-12871 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to and including 2024.5 Description: The issue allows unauthorized excessive creation of options on the aip map url callback function due to insufficient restrictions. This enables...
How Cybercriminals Exploit Public Info for Attacks: Understanding Risks and Prevention
Cybercriminals are skilled at using public information to their advantage. Knowing how they gather this data can help…...
Linux Distros Unpatched Vulnerability : CVE-2016-10158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial ...
CVE-2025-22624
CVE-2025-22624 affects FooGallery – Responsive Photo Gallery (WordPress plugin) up to version 2.4.29. The issue is a reflected XSS arising from unvalidated untrusted data in myapp/extensions/albums/admin/class-meta-boxes.php. Public references confirm the vulnerability and indicate a patch is ava...