18 matches found
CVE-2025-36640 Local Privilege Escalation
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...
CVE-2025-36640 Local Privilege Escalation
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges...
EUVD-2025-203897
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder with weak permissions during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...
CVE-2025-53919
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder with weak permissions during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...
CVE-2025-53919
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder with weak permissions during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...
PT-2025-51844
Name of the Vulnerable Software and Affected Versions: Portrait Dell Color Management versions through 3.3.008 Description: The Portrait Dell Color Management application creates a temporary folder with weak permissions during installation and uninstallation. A local attacker with limited privilege...
CVE-2025-53919
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors. It creates a temporary folder with weak permissions during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevati...
GHSA-3FQ7-C5M8-G86X Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Summary: A non-privileged user can install and remove arbitrary packages via composer for a composer-based installation, even if the flag in update settings for enabling composer-based updates is unticked. Impact: A low-privileged user of the platform can install malicious code to obtain higher privilege...
EUVD-2025-112424
Malicious code in install-uninstall-eridanus-nightwatch npm...
MAL-2025-143689 Malicious code in install-uninstall-eridanus-nightwatch (npm)
Source: amazon-inspector 55a783a109f2ecd48aebe6cfed3f14cd877e84d3a42b39daae06e048a0c8599f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143690 Malicious code in install-uninstall-mira-sass-loader (npm)
Source: amazon-inspector d7e84c856cd0e9886740c1235d889f235ed09f42e79e4b38c5ce76c4e8b49ec2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-112423
Malicious code in install-uninstall-mira-sass-loader npm...
PT-2023-21590 · Qualys · Qualys Cloud Agent For Windows
Name of the Vulnerable Software and Affected Versions: Qualys Cloud Agent for Windows versions prior to 4.8.0.31 Description: An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform. Attackers may write files to arbitrary locations via a local attack vector, allowing them...
VulnCheck KEV: CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
CVE-2021-1496
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
GHSA-426H-24VJ-QWXF Command Injection in npm-programmatic
All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes them directly to an exec call in the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passed to the...
Joomla MacGallery Database Disclosure Vulnerability
The Joomla com_macgallery component suffers from a database disclosure vulnerability. Exploit Title: Joomla com_macgallery Components Apptha Install-Uninstall Database Backup Information Disclosure Vulnerability. Author [Discovered By]: KingSkrupellos from Cyberizm Digital Security Army. Vendor...
Joomla com_macgallery Install-Uninstall Database Backup Information Disclosure Vulnerability
Joomla is an open source content management system (CMS). An information disclosure vulnerability exists in Joomla com_macgallery Install-Uninstall Database Backup. An attacker can exploit it to obtain sensitive information...