22 matches found

RedhatCVE
added 2 days ago | 5 views

CVE-2026-35496

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...

5.1 CVSS | 5.7 AI score | 0.00067 EPSS
Exploits 0 | References 1
Cvelist
added 2025/11/24 12:0 a.m. | 5 views

CVE-2024-47856

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...

0.00152 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/11/24 12:0 a.m. | 4 views

PT-2025-47969

Name of the Vulnerable Software and Affected Versions RSA Authentication Agent versions prior to 7.4.7 Description The RSA Authentication Agent is susceptible to a path interception issue affecting service paths and shortcut paths. This occurs when a path contains spaces and is not enclosed in...

9.8 CVSS | 6.8 AI score | 0.00152 EPSS
Exploits 0 | References 8
Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46376

Name of the Vulnerable Software and Affected Versions NVIDIA AIStore affected versions not specified Description NVIDIA AIStore contains a security flaw in the Authentication AuthN component. A successful exploit of this issue may lead to escalation of privileges, information disclosure, and data...

8.8 CVSS | 6.5 AI score | 0.00038 EPSS
Exploits 0 | References 12
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-44447

Malicious code in bioql PyPI...

4.3 CVSS | 6.6 AI score | 0.00135 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2025/03/26 1:56 a.m. | 28 views

Security Bulletin: IBM InfoSphere Information Server Low Level Authenticated User Can View Higher Level User And Group Listing (CVE-2022-36772)

Summary A vulnerability in IBM InfoSphere Information Server allowed lower level authenticated user to view other users and groups list. The scope of the vulnerability was limited in nature. The flaw gave such users VIEW access only. This vulnerability was addressed. Vulnerability Details...

6.5 CVSS | 5.9 AI score | 0.00162 EPSS
Exploits 0 | Affected Software 1
OSV
added 2025/01/29 3:31 p.m. | 8 views

GHSA-H5JH-RP76-Q242 RuoYi has insecure permissions

Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles...

7.1 CVSS | 5.5 AI score | 0.00135 EPSS
Exploits 1 | References 5
Vulnrichment
added 2024/12/04 1:6 a.m. | 18 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

8.8 CVSS | 7.1 AI score | 0.0029 EPSS
Exploits 0 | References 1
Cvelist
added 2024/11/27 5:31 a.m. | 21 views

CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3 CVSS | 0.00831 EPSS
Exploits 0 | References 2
NVD
added 2024/11/21 2:15 p.m. | 15 views

CVE-2024-11088

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

7.5 CVSS | 0.00554 EPSS
Exploits 0 | References 2
Fedora
added 2024/10/19 1:54 a.m. | 8 views

[SECURITY] Fedora 40 Update: rust-reqwest-0.12.8-1.fc40

Higher level HTTP client library...

7.3 AI score
Exploits 0
NVD
added 2023/06/13 6:15 p.m. | 10 views

CVE-2023-34120

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by t...

8.7 CVSS | 8.8 AI score | 0.00028 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2023/05/19 12:0 a.m. | 21 views

Cisco DNA Center Privilege Escalation (cisco-sa-dnac-privesc-QFXe74RS)

The version of Cisco DNA Center installed on the remote host is prior to 2.3.3.6 or is 2.3.4.x. It is, therefore, affected by a privilege escalation vulnerability. Due to unintended exposure of sensitive information in the web-based management interface, an authenticated remote attacker can inspe...

8.8 CVSS | 8 AI score | 0.00661 EPSS
Exploits 0 | References 3
OSV
added 2022/01/25 4:15 p.m. | 12 views

CVE-2021-46085

OneBlog = 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority...

6.5 CVSS | 7 AI score
Exploits 0 | References 1
Huntr
added 2021/06/30 12:31 p.m. | 5 views

Cross-site Scripting (XSS) - Stored in combodo/itop

💥 BUG stored XSS via problem title 💥 STEPS TO REPRODUCE Please check this 1-minute video to reproduce: https://drive.google.com/file/d/1n7ni3y5LNkK2ntrTTvVNLNOEmf2iKReO/view?usp=sharing 💥 Impact I see there are many different types of role-based users. So, a user who has permission to create a problem can ma...

6.8 AI score
Exploits 0
CVE
added 2021/03/15 6:40 p.m. | 74 views

CVE-2021-23879

The CVE-2021-23879 entry describes an unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool, before version 21.2. The flaw allows local administrators to execute arbitrary code with elevated privileges by placing files in an insecure path where the tool runs, due to th...

7.2 CVSS | 6.7 AI score | 0.00056 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2020/02/18 4:15 p.m. | 12 views

CVE-2019-5613

In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated...

9.8 CVSS | 9.4 AI score | 0.00224 EPSS
Exploits 0 | References 1
CNVD
added 2019/01/04 12:0 a.m. | 1 view

Weblogic Deserialization, Override Access Vulnerability in Zhejiang Insurance Expense Reimbursement System

CR Nebula is an innovative technology company that pioneered the use of mobile internet technology and experience to "elevate" enterprise-level financial management. A weblogic deserialization, override access vulnerability exists in the Zhejiang Insurance Expense Reimbursement System, which can ...

6.8 AI score
Exploits 0
Talos Blog
added 2018/09/25 8:5 a.m. | 24 views

IDA-minsc Wins Second Place in Hex-Rays Plugins Contest

Introduction Ali Rizvi-Santiago of Cisco Talos recently tied for second place in the IDA plugin contest with a plugin named "IDA-minsc." IDA is a multi-processor disassembler and debugger created by the company Hex-Rays and this year there were a total of four winners with nine submissions total...

6.1 AI score
Exploits 0
Cisco
added 2017/07/19 4:0 p.m. | 25 views

Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validatio...

6.1 CVSS | 6 AI score | 0.00349 EPSS
Exploits 0 | References 1