17 matches found
EUVD-2025-209951
A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...
Improper Privilege Management
Overview: Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...
CVE-2026-33430
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), th...
CVE-2026-33430
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), th...
CVE-2026-28821
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain elevated privileges...
GHSA-R3R2-35V9-V238 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Impact: If a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), the installation process creates a directory that inherits all the permissions of the parent directory. Depending on the location chosen by...
CVE-2026-28269
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
Dell Secure Connect Gateway Security Vulnerability
Dell Secure Connect Gateway (Dell SCG) is a secure connect gateway from Dell USA. A security vulnerability exists in Dell Secure Connect Gateway versions 5.26 through 5.30, which originates from execution with unnecessary privileges and could result in elevated privileges...
CVE-2025-34334
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...
EUVD-2019-17942
Malware in sbrugna...
EUVD-2019-3439
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-39361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Sin...
SAP SAPCAR Security Vulnerability
SAP SAPCAR is a utility program for compressing and/or decompressing SAP archive files from SAP, Germany. A security vulnerability exists in SAP SAPCAR that stems from an elevated privilege user being able to override directory permissions, which could result in elevated privileges...
PT-2025-18693 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.5.0 and earlier Description: The issue concerns a privilege context switching error in the PAM JIT feature of Devolutions Server. This error allows a PAM JIT account password to be improperly reset after usa...
OESA-2022-1816 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue ...
buildah: Default inheritable capabilities for linux container should be empty
A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...
AZL-9318 CVE-2022-27651 affecting package buildah 1.18.0-29
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with...