Bitdefender Endpoint Security Tool 安全漏洞

Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in versions prior to Bitdefender Endpoint Security Tool 7.20.52.200087, which stems from improperly restricting folder access and could allow a...

ZOHO ManageEngine Exchange reporter Plus 安全漏洞

ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in Zoho ManageEngine Exchange Reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...

PT-2025-46318

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below Description The software contains a Stored Cross-Site Scripting XSS issue within the Folder Message Count and Size report. This allows for the injection of malicious scripts...

EUVD-2025-50803

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CVE-2025-56503

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted binary in the installation folder. NOTE: this is disputed by the Supplier because replacing the...

PT-2025-46189

Name of the Vulnerable Software and Affected Versions Sublime Text versions 4200 Description An issue in Sublime Text 4 version 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator. This is achieved by replacing the uninstall file with a crafted...

Sublime Text 安全漏洞

Sublime Text is a cross-platform, extensible text editor from Sublime, Inc. A security vulnerability exists in Sublime Text version 4 4200 that originates from a low-privilege attacker who can replace uninstalled files in the installation folder, potentially resulting in elevated privileges...

CVE-2025-56503

The CVE-2025-56503 entry concerns Sublime Text 4 (build 4200). Affected component is the installer/uninstall mechanism, where a crafted binary placed in the installation folder can replace the uninstall file, purportedly enabling privilege escalation to Administrator for authenticated, low-privil...

EUVD-2025-38325

A stored cross-site scripting XSS vulnerability in the CrushFTP 11.3.750 Admin Panel Reports / 'Who Created Folder' allows authenticated attackers with permissions to create folders to inject malicious HTML/JavaScript...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CVE-2025-63420

CrushFTP11 before 11.3.757 is vulnerable to stored HTML injection in the CrushFTP Admin Panel Reports / "Who Created Folder", enabling persistent HTML execution in admin sessions...

CrushFTP 安全漏洞

CrushFTP is a file transfer server from CrushFTP, Inc. A security vulnerability exists in CrushFTP version 11.3.750, which stems from the Reports/Who Created Folder feature in the Admin Panel not handling input correctly, which could lead to a stored cross-site scripting attack...

PT-2025-45509

Name of the Vulnerable Software and Affected Versions CrushFTP version 11.3.7 50 Description A stored cross-site scripting XSS issue exists in the CrushFTP Admin Panel, specifically within the Reports / 'Who Created Folder' section. Authenticated attackers who have folder creation permissions can...

CVE-2025-63420

CVE-2025-63420 affects CrushFTP11 prior to 11.3.7_57, where a stored HTML injection in the Admin Panel (Reports / “Who Created Folder”) enables HTML execution in authenticated admin sessions. The root cause is stored HTML injection via folder-creation input, leading to persistent XSS. The exploit...

Metasploit Wrap-Up 10/31/2025

New module content 3 ReDoc API Docs UI Exposed Author: Hamza Sahin Type: Auxiliary Pull request: 20594 contributed by HamzaSahin61 Path: scanner/http/redocexposed Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests searching for...

Windows Persistent Startup Folder

This module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems. Module Options msf use exploit/windows/persistence/startupfolder msf exploitstartupfolder show targets ...targets... msf exploitstartupfolder set TARGET msf...

EUVD-2025-36694

An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder...