Exploit for Out-of-bounds Write in Fortinet Fortiproxy
watchpost Local threat intelligence database. Aggregates data...
CVE-2025-12792
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva...
EUVD-2025-4302
Malicious code in bioql PyPI...
EUVD-2024-32754
Malicious code in bioql PyPI...
EUVD-2022-50227
Malicious code in bioql PyPI...
CVE-2024-7402 Netskope Client Configuration Tampering with Local MITM
Netskope has identified a potential gap in its agent, Netskope Client, in which a malicious insider can potentially tamper with the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require...
CVE-2023-38447
In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
CVE-2024-6097
In Progress® Telerik® Reporting versions prior to 2025 Q1 19.0.25.211, information disclosure is possible by a local threat actor through an absolute path vulnerability...
CVE-2024-6097 Absolute Path Traversal Vulnerability
In Progress® Telerik® Reporting versions prior to 2025 Q1 19.0.25.211, information disclosure is possible by a local threat actor through an absolute path vulnerability...
CVE-2024-6097
Progress Telerik Reporting (Progress) is affected in versions prior to 2025 Q1 (19.0.25.211). The vulnerability is an information disclosure via an absolute path traversal that can be exploited by a local threat actor, as described in multiple sources. The CVE-2024-6097 entry confirms the impact ...
CVE-2024-1801
In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...
CVE-2023-40108
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-6068
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file...
CVE-2024-6068 Input Validation Vulnerability exists in Arena® Input Analyzer
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file...
CVE-2024-10945
The CVE-2024-10945 entry maps to Rockwell Automation FactoryTalk Updater Agent privilege escalation. The vulnerability stems from a failure to perform proper security checks before installation, enabling a local, low-privileged attacker to replace certain files during an update. Affected software...
CVE-2024-4200
In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.2.514, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...
CVE-2024-4200
Progress Telerik Reporting (prior to 2024 Q2; 18.1.24.2.514) is affected by an insecure deserialization vulnerability that can lead to code execution by a local attacker. The issue affects the remote Windows host running the product, with the root cause being insecure deserialization in the appli...