11 matches found
CVE-2026-57269
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-48124
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...
EUVD-2026-37002
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...
PT-2026-49469
Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0.0 Description Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...
CVE-2025-71303
A flaw was found in the Linux kernel. Specifically, within the accel/amdxdna component, a timing issue, known as a race condition, exists during device power management. A local application could submit commands while the device is in an inconsistent state due to an incomplete resume operation...
CVE-2026-42184
Tauri versions 2.0–2.11.0 contain an Origin Confusion flaw in is_local_url() on Windows and Android. The code checks only the first subdomain of the URL, mapping custom URI schemes to http://.localhost/ due to WebView limitations. An attacker can host a page whose subdomain matches the app’s regi...
CVE-2026-41179
A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...
Server side request forgery (ssrf)
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-8126
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...
Privilege escalation
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...
HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Mercury LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. A specially crafted...