CVE-2025-15245

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

CVE-2025-15155 floooh sokol sokol_gfx.h _sg_pipeline_desc_defaults stack-based overflow

A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function sgpipelinedescdefaults in the library sokolgfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now...

CVE-2025-15155

Concrete details available: CVE-2025-15155 affects floooh sokol up to commit 16cbcc864012898793cd2bc57f802499a264ea40, specifically the _sg_pipeline_desc_defaults function in sokol_gfx.h. The issue is a stack-based buffer overflow (root cause: improper handling in the _sg_pipeline_desc_defaults p...

NewStart CGSL MAIN 7.02 : binutils Multiple Vulnerabilities (NS-SA-2025-0255)

The remote NewStart CGSL host, running version MAIN 7.02, has binutils packages installed that are affected by multiple vulnerabilities: - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of th...

Exploit for Incorrect Authorization in Sudo_Project Sudo

CVE-2025-32462 – Sudo Hostname Bypass Privilege Escalation !...

EUVD-2025-205012

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVE-2025-14956

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

AZL-72853 CVE-2025-59529 affecting package avahi 0.8-7

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...

EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2025-2550)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the fil...

CVE-2025-14569

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function readaudiodata of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project w...

CVE-2025-34288 Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

CVE-2025-34288 Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

CVE-2025-14699 Municorn FAX App biz.faxapp.app path traversal

A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used...

PT-2025-51181

Name of the Vulnerable Software and Affected Versions Ugreen DH2100+ versions up to 5.3.0 Description A flaw exists in the USB Handler component of Ugreen DH2100+ that allows for symlink following. This issue can be directly exploited on the physical device. The exploit has been publicly disclose...

PT-2025-50961

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read audio data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project...

Exploit for Use After Free in Microsoft

CVE-2025-62221 Windows Cloud Files Mini Filter Driver Exploit...

CVE-2025-59517

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-59516

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...