CVE-2025-21041

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information...

Arbitrary Code Injection

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Arbitrary Code Injection via modification of the resources folder when the embeddedAsarIntegrityValidation...

Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning

When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...

CVE-2025-21041

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information...

CVE-2025-21041

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information...

CVE-2025-21041

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information...

CVE-2025-21041

Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information...

CVE-2025-21041

CVE-2025-21041 concerns Samsung Secure Folder on Android versions earlier than 16. The issue is described as insecure storage of sensitive information, enabling local attackers to access confidential data due to inadequate protection in the Secure Folder storage. Affected product is Samsung Secur...

SAMSUNG Secure Folder 安全漏洞

SAMSUNG Secure Folder is a privacy protection software from Samsung South Korea. A security vulnerability exists in SAMSUNG Secure Folder Android prior to version 16, which stems from insecure storage of sensitive information and could lead to a local attacker accessing sensitive information...

PT-2025-35695

Name of the Vulnerable Software and Affected Versions: Android versions prior to 16 Description: The Secure Folder feature exhibits insecure storage of sensitive information, potentially allowing local attackers to gain unauthorized access to this data. Recommendations: Update to Android version ...

CVE-2025-9770

A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack...

CVE-2025-9404

A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2025-9578

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 40734...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via insufficient validation in the getConfigFile function in the UIConfigRest class. An attacker can gain unauthorized access to files located in directories that share a common prefix with the intended folder by...

CVE-2025-55202

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases...

CVE-2025-9578

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 40734...

CVE-2025-9578

CVE-2025-9578 affects Acronis Cyber Protect Cloud Agent (Windows) prior to build 40734. A local privilege escalation arises from insecure folder permissions in the agent, enabling a non-privileged user to gain higher privileges on the host. The issue is documented across multiple sources (Red Hat...

CVE-2025-9578

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 40734...

CVE-2025-9578

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 40734...

Acronis Cyber Protect Cloud Agent 安全漏洞

Acronis Cyber Protect Cloud Agent is a cloud agent from Acronis Switzerland. A security vulnerability exists in versions prior to Acronis Cyber Protect Cloud Agent build 40734, which stems from insecure folder permissions that could lead to local elevation of privileges...