266 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified inode pattern loaded from disk, which could lead to data corruption...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
EUVD-2025-201277
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter...
CVE-2025-66572
Loaded Commerce 6.6 is affected by a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter . The root cause is CSTI in the template handling, enabling remote code execution. Public documentation notes there is cur...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
Loaded Commerce 操作系统命令注入漏洞
Loaded Commerce is an open source e-commerce platform from Loaded Commerce, Inc. An operating system command injection vulnerability exists in Loaded Commerce version 6.6, which stems from a client-side template injection vulnerability that could lead to code execution on the server via search...
PT-2025-49140
Name of the Vulnerable Software and Affected Versions Loaded Commerce version 6.6 Description Loaded Commerce version 6.6 has a client-side template injection issue. This allows unauthenticated attackers to execute code on the server through the search parameter. The issue allows for code...
SUSE CVE-2025-40134
In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...
CVE-2025-40134 dm: fix NULL pointer dereference in __dm_suspend()
In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...
CVE-2025-10885
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...
EUVD-2025-38147
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...
CVE-2025-10885
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...
CVE-2025-10885
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...
CVE-2025-10885 Privilege Escalation Vulnerability
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...
CVE-2025-10885
CVE-2025-10885 – Autodesk Installer Privilege Escalation: A local, low-privilege attacker can craft a malicious file that is loaded during installation, taking advantage of insufficient validation of loaded binaries to execute code as NT AUTHORITY\SYSTEM. The linked Nessus/NASL entry confirms the...
PT-2025-45342
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A maliciously crafted file, when executed on a victim’s machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM. This occurs due to insufficient validation of loaded binaries. An attacker wi...
Linux Distros Unpatched Vulnerability : CVE-2025-39969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only state in which VF is actually active so it should not be used to...
SUSE CVE-2025-39969
In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use...