40 matches found
webkitgtk: An app may be able to access sensitive user data
A flaw was found in WebKitGTK. Processing or loading malicious web content can allow an app to access sensitive user data due to improper data protection...
EUVD-2026-30062
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...
CVE-2026-4913
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...
CVE-2025-58079
Improper Protection of Alternate Path CWE-424 in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications...
CVE-2025-58079
The advisory shows CVE-2025-58079 in desknet’s NEO AppSuite (desknet’s NEO, versions V4.0R1.0–V9.0R2.0) with CWE-424 (Improper Protection of Alternate Path). Root cause: improper access protection enabling a remote attacker to create malicious AppSuite applications. Impact per sources indicates a...
EUVD-2023-53561
Malicious code in bioql PyPI...
CVE-2025-9709
CVE-2025-9709 concerns the Nordic Semiconductor nRF52810, where the On-Chip Debug and Test Interface has improper access control and insufficient protection against electromagnetic fault injection (EM-FI). Reports describe that an attacker can perform EM fault injection to bypass the built-in APP...
The vulnerability of the commercial vBulletin web forum, related to improper protection of the alternative path, allows a hacker to execute arbitrary code.
The vulnerability of the commercial vBulletin web forum is related to improper protection of an alternative path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2024-8781
Execution with Unnecessary Privileges, Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform ASP allows Privilege Escalation, Privilege Abuse. This issue affects Application Security Platform ASP: v1.4.25.188...
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in the Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install packages before finishing the Setup wizard...
CVE-2022-39875
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability; CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Pa...
PT-2024-39247 · Unknown · Tr7 Application Security Platform
Name of the Vulnerable Software and Affected Versions: TR7 Application Security Platform ASP version 1.4.25.188 Description: The issue affects the TR7 Application Security Platform ASP due to an Improper Protection of Alternate Path vulnerability, allowing Privilege Escalation and Privilege Abuse...
CVE-2024-20885
Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission...
Siemens LOGO! and SIPLUS LOGO!
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-5635 User Enumeration in ArslanSoft's Education Portal
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1...
CVE-2023-5443
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1...
CVE-2023-5443 User Enumeration in EDM Informatic's E-Invoice Software
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1...