17 matches found
EUVD-2025-199690
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
CVE-2025-66022 FACTION Unauthenticated Custom Extension Upload leads to RCE
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
Google ChromeOS Permission Issues Vulnerability
Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...
CVE-2025-6179
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...
CVE-2025-6179 ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...
CVE-2025-6179
Summary of CVE-2025-6179 (ChromeOS) : The issue is a permissions bypass in ChromeOS Extension Management affecting Google ChromeOS, version 16181.27.0 on managed devices. The underlying problem allows a local attacker to disable extensions and gain Developer Mode, including loading additional ext...
Google ChromeOS 安全漏洞
Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...
CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...
ManageWiki 授权问题漏洞
ManageWiki is an open source extension for Miraheze. A license issue vulnerability exists in ManageWiki, which stems from improper extension management and could result in restricted extensions being automatically disabled...
PT-2025-25577 · Google · Chrome Os
Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 16181.27.0 Description: The issue allows a local attacker to bypass permissions in Extension Management, enabling them to disable extensions and access Developer Mode. This can lead to the loading of additional...
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud...
ALPINE-CVE-2022-2625
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
Apple macOS 安全特征问题漏洞
Apple macOS is a specialized operating system developed by Apple for Mac computers. A security signature issue vulnerability exists in Apple macOS prior to version 11.4, which originates in the Kext Management subsystem, and can be exploited by a local attacker to bypass implemented security...
OPENSUSE-SU-2020:2318-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-55 bsc1180039 CVE-2020-16042 bmo1679003 Operations on a BigInt could have caused uninitialized memory to be exposed...
PT-2020-1242 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0-r3 Description: A NULL pointer dereference issue is present in the lys extension instances free function due to a copy of unresolved extensions in lys restr dup. This can cause applications that use libyang to...
macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rul
Exploit for macOS platform in category dos / poc Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel |...
Stable Channel Update
The Chrome team is excited to announce the promotion of Chrome 25 to the Stable Channel. Chrome 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac contain a number of new items including: Improvements in managing and securing your extensions Better support for HTML5 time/date inputs...