222 matches found
CVE-2025-68623
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...
GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. | Field | Details | | :--- | :--- | |...
BIT-GITLAB-2026-1230 Use of Incorrectly-Resolved Name or Reference in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect...
EUVD-2025-208593
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...
PT-2026-24724
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...
CVE-2025-68623
CVE-2025-68623 affects Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0. Cisco Talos TALOS-2025-2293 documents a local privilege escalation: during installation, the dxwebsetup.exe installer creates a writable TEMP path, writes dxwsetup.exe, then executes it with high integrity. An at...
Arbitrary Code Injection
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the unzipiter function due to the lack of validation before unpacking untrusted downloaded packages. An attacker c...
CVE-2026-0483
CVE-2026-0483 is a stored XSS in Live Helper Chat’s PDF file upload for versions before 4.72. An attacker can upload a malicious PDF containing an XSS payload; when a user downloads and opens the file via the app’s link, arbitrary JavaScript executes in the user’s context. Public sources (PT Secu...
Malicious code in pyrogrom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef643052c84683fba662eaded2786ba6fa993e69224608070ad949d4f3d0c3e4 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Microsoft Edge Mark-Of-The-Web Removal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Improper Cache Control
Liferay Portal is vulnerable to improper cache control. The vulnerability is due to the use of incorrect cache-control headers, which allows an attacker to gain unauthorized access to downloaded files through the browser’s cache...
PT-2025-47160
Name of the Vulnerable Software and Affected Versions GoSign Desktop versions through 2.4.1 Description GoSign Desktop versions through 2.4.1 disable TLS certificate validation when configured to use a proxy server. This occurs if a user selects a proxy server without verifying that outbound HTTP...
Liferay Portal and DXP use an incorrect cache-control header
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
EUVD-2025-37404
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
CVE-2025-62276
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
CVE-2025-62276
The CVE-2025-62276 issue affects Liferay Portal and DXP: Document Library and Adaptive Media modules expose a misconfigured cache-control header across multiple versions (Liferay Portal 7.4.0–7.4.3.111 and legacy DXP releases up to 2023.Q4.10, plus 7.4 GA up to update 92). This header flaw enable...
EUVD-2025-34826
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...
EUVD-2004-0538
Malware in sbrugna...