3913 matches found
EUVD-2025-205001
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the targ...
CVE-2025-14405
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the targ...
CVE-2025-14405 PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the targ...
CVE-2025-14405
CVE-2025-14405 affects PDFsam Enhanced. The root cause is loading an OpenSSL configuration file from an unsecured location, enabling a locally exploited privilege escalation to SYSTEM after a physically-present attacker mounts a malicious drive. The vulnerability is described across multiple sour...
Konica Bizhub Multifunction Printers Improper Handling of Exceptional Conditions (CVE-2021-20870)
When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out.
Synology BeeStation (BSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology BeeStation (BSM) is prone to multiple vulnerabilities in the Synology Drive Server.
Synology DiskStation Manager (DSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology DiskStation Manager (DSM) is prone to multiple vulnerabilities in the Synology Drive Server.
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report publishe...
CVE-2025-67790
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could occasionally cause a Blue Screen of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string...
PT-2025-51917
Name of the Vulnerable Software and Affected Versions: DriveLock versions 24.1 through 24.1.5; DriveLock versions 24.2 through 24.2.6; DriveLock versions 25.1 through 25.1.4. Description: An unprivileged user can potentially cause a Blue Screen of Death (BSOD) on Windows computers. This is achieved by...
EUVD-2025-203953
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Authenticated users can retrieve the computer count of other DriveLock tenants via the DriveLock API...
PT-2025-51919
Name of the Vulnerable Software and Affected Versions: DriveLock versions 24.1 through 24.1. DriveLock versions 24.2 through 24.2. DriveLock versions 25.1 through 25.1.5. Description: A flaw exists in DriveLock where users possessing the "Manage roles and permissions" privilege can elevate their own...
EUVD-2025-203835
systeminformation has a Command Injection vulnerability in fsSize function on Windows...
Command Injection
Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the fsSize function when the drive parameter is concatenated into a PowerShell command without proper sanitization. An attacker can execute arbitrary...
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Summary: The fsSize function in systeminformation is vulnerable to OS Command Injection (CWE-78) on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
DEBIAN-CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...