EUVD-2022-31493

Malicious code in bioql PyPI...

CVE-2025-47293

PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...

PT-2025-21651 · Qt Company · Qt

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.19 Qt versions 6.0.0 through 6.5.8 Qt versions 6.6.0 through 6.8.1 Description: The issue arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentiall...

CVE-2025-27395

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and...

CVE-2023-42546

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege...

CVE-2023-42549

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege...

Design/Logic Flaw

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'...

Крупные дырки в Internet Explorer (vnd.ms.radio, MSScriptControl.ScriptControl)

Объект с URL типа vnd.ms.radio позволяет выполнить исполняемый файл указав его в качестве codebase. Объект MSScriptControl.ScriptControl позволяет обращение к локальным и удаленным файлам с привелегиями пользователя...