7280 matches found
CVE-2025-59893
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59892
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59894
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-69604
CVE-2025-69604 affects Shirt Pocket’s SuperDuper! 3.11 and earlier. A local attacker can modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thereby bypassing macOS privacy controls. Affected component: the SuperDu...
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
EUVD-2025-206519
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2025-69604
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
PT-2026-5345
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
CVE-2026-24857
bulkextractor is a digital forensics exploitation tool. Starting in version 1.4, bulkextractor’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in Unpack::CopyString, leading to a crash under ASAN and...
CVE-2026-24857 bulk_extractor has Heap-based Buffer Overflow vulnerability
bulkextractor is a digital forensics exploitation tool. Starting in version 1.4, bulkextractor’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in Unpack::CopyString, leading to a crash under ASAN and...
EUVD-2026-4855
bulkextractor is a digital forensics exploitation tool. Starting in version 1.4, bulkextractor’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in Unpack::CopyString, leading to a crash under ASAN and...
CVE-2025-59899
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59896
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59897
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59900
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59898
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59895
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service DoS vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious reques...
CVE-2025-59897
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...
CVE-2025-59899
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...