11 matches found
CVE-2025-14265
CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...
CVE-2025-66022
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
CVE-2025-66022 FACTION Unauthenticated Custom Extension Upload leads to RCE
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
PT-2025-48124
Name of the Vulnerable Software and Affected Versions: FACTION versions prior to 1.7.1. Description: FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, a flaw in the extension framework allows untrusted extension code to execute arbitrary system commands o...
CVE-2021-42286
Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability...
CVE-2021-42286 Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
PT-2021-5042 · Microsoft · Windows Core Shell Si Host Extension Framework For Composable Shell +1
Name of the Vulnerable Software and Affected Versions: Windows Core Shell SI Host Extension Framework for Composable Shell (affected versions not specified). Description: The issue is related to insufficient access restrictions in the Windows Core Shell SI Host Extension Framework for Composable She...
Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music,...
Null pointer dereference
Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...
CVE-2011-1813
Google Chrome vulnerability CVE-2011-1813 affects Chrome prior to 12.0.742.91, due to a flaw in the extension framework that can cause a stale pointer. This can lead to denial of service and possibly other impact via unspecified vectors. The issue is tied to multiple Chrome vulnerabilities fixed ...