Quanta QOCA aim AI Medical Cloud Platform 安全漏洞

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...

PT-2026-1297

Name of the Vulnerable Software and Affected Versions Samsung Magician versions 6.3.0 through 8.3.2 Description The software installer creates a temporary folder with insufficient permissions during the installation process on Windows. This allows a non-administrative user to potentially perform...

Quanta QOCA aim AI Medical Cloud Platform 安全漏洞

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...

EUVD-2025-205528

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...

CVE-2025-15151 TaleLin Lin-CMS Tests Folder config.py password in configuration file

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...

CVE-2025-15151 TaleLin Lin-CMS Tests Folder config.py password in configuration file

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...

CVE-2025-15076

A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks...

[SECURITY] Fedora 43 Update: roundcubemail-1.6.12-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2025-13703

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code ...

EUVD-2025-204984

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code ...

CVE-2025-13703

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code ...

CVE-2025-13703

VIPRE Advanced Security for PC is affected by CVE-2025-13703 due to incorrect permissions on a folder in the product installer, enabling local privilege escalation to SYSTEM for code execution after bypassing low-privilege startup. Exploitation details are not provided in the available documents....

CVE-2025-13703 VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code ...

VIPRE Advanced Security 安全漏洞

VIPRE Advanced Security is an antivirus security software from VIPRE Corporation. A security vulnerability exists in VIPRE Advanced Security that stems from an improperly assigned folder permissions in the product's installer, which could result in local elevation of privileges...

CVE-2025-34290

Versa SASE Client for Windows versions 7.8.7–7.9.4 contain a local privilege escalation in the audit log export feature. The client passes user-controlled file paths to a privileged service, which performs file-system operations without impersonating the requesting user. A TOCTOU race condition c...

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

EUVD-2025-204340

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVE-2025-62001 BullWall Ransomware Containment hard-coded folder exclusions

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...