6839 matches found
WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass
Overview WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbol...
CVE-2025-24148
This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks...
CVE-2025-24148
This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks...
CVE-2025-24148
This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks...
CVE-2025-24148
CVE-2025-24148 affects macOS where the issue stems from improved handling of executable types, allowing a malicious JAR to bypass Gatekeeper checks. Active impact details in the provided data come from macOS updates: Ventura 13.7.5, Sequoia 15.4, and Sonoma 14.7.5 address the vulnerability. The C...
CVE-2025-24148
This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper checks...
Potential out-of-bounds read with a malformed ELF file and the HashTable API.
Affected versions of this crate only validated the index argument of HashTable::getbucket and HashTable::getchain against the input-controlled bucketcount and chaincount fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a...
CVE-2025-25598
Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR CM v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task...
CVE-2025-2264
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed...
CVE-2025-22213
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...
Joomla 4.0.x < 4.4.12 / 5.0.x < 5.2.5 Joomla 5.2.5 Security & Bugfix Release (5922-joomla-5-2-5-security-bugfix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.12 or 5.0.x prior to 5.2.5. It is, therefore, affected by a vulnerability. - Inadequate checks in the Media Manager allowed users with edit privileges to change file extension to...
CVE-2025-24796
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
CVE-2025-24796
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
MicroDicom DICOM Viewer 缓冲区错误漏洞
MicroDicom DICOM Viewer is a lightweight and easy-to-use application from MicroDicom, Inc. for processing and viewing medical images in DICOM format. A buffer error vulnerability exists in MicroDicom DICOM Viewer version 2025.1 Build 3321, which stems from an unknown function in the file mDicom.e...
The vulnerability of the executable file Def.exe of the Interactive Graphical SCADA System (IGSS) module allows a intruder to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability of the executable file Def.exe of the Interactive Graphical SCADA System IGSS module involves the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information or execute...
CVE-2025-1067
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro, the fil...