4834 matches found

Vulnrichment
added 2025/11/08 11:2 p.m. | 4 views

CVE-2025-12915 70mai X200 Init Script file inclusion

A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is associated with this attack. The exploitability is...

7.1 CVSS | 5.9 AI score | 0.00378 EPSS
Exploits 1 | References 4

RedhatCVE
added 2025/11/08 7:41 a.m. | 7 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 6.4 AI score | 0.00107 EPSS
Exploits 0 | References 1

CNNVD
added 2025/11/08 12:0 a.m. | 3 views

70mai X200 Security Vulnerability

70mai X200 is a head-only car recorder from 70mai, a Chinese company. A security vulnerability exists in 70mai X200 20251019 and earlier versions, which stems from a file inclusion issue in the component Init Script Handler that could lead to a local attack...

7.1 CVSS | 6.4 AI score | 0.00378 EPSS
Exploits 1 | References 5

NVD
added 2025/11/07 6:15 a.m. | 6 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 0.00107 EPSS
Exploits 0 | References 3

Cvelist
added 2025/11/07 5:20 a.m. | 8 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 0.00107 EPSS
Exploits 0 | References 3

CVE
added 2025/11/07 5:20 a.m. | 14 views

CVE-2025-64343

CVE-2025-64343 affects the conda Constructor tool. In versions 3.12.2 and earlier, the installation directory inherits permissions from its parent, and outside restricted directories those permissions can permit write access by authenticated users. Any logged-in user could modify during installat...

7.8 CVSS | 6 AI score | 0.00107 EPSS
Exploits 0 | References 3

EUVD
added 2025/11/07 5:20 a.m. | 12 views

EUVD-2025-38241

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 5.9 AI score | 0.00107 EPSS
Exploits 0 | References 3

Vulnrichment
added 2025/11/07 5:20 a.m. | 7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 6 AI score | 0.00107 EPSS
Exploits 0 | References 3

OSV
added 2025/11/07 5:20 a.m. | 7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 6.4 AI score | 0.00107 EPSS
Exploits 0 | References 5

Cvelist
added 2025/11/06 5:1 p.m. | 7 views

CVE-2025-10885 Privilege Escalation Vulnerability

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8 CVSS | 0.00133 EPSS
Exploits 0 | References 2

OSV
added 2025/11/05 6:15 a.m. | 3 views

CVE-2025-21077

Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege...

3.3 CVSS | 5.9 AI score | 0.00097 EPSS
Exploits 0 | References 1

NVD
added 2025/10/30 10:15 p.m. | 4 views

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

5.1 CVSS | 0.00325 EPSS
Exploits 0 | References 3

CVE
added 2025/10/30 9:39 p.m. | 12 views

CVE-2025-34135

Nagios XI prior to 2024R1.4.2 is affected by overly permissive permissions on systemd unit files, notably nagios.service having executable permissions not required. This could broaden local attack surface. Affected versions should be updated to 2024R1.4.2 or later; monitoring advisories also note...

5.1 CVSS | 6.3 AI score | 0.00325 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2025/10/30 9:39 p.m. | 3 views

CVE-2025-34135 Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

5.1 CVSS | 6.3 AI score | 0.00325 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/10/30 9:0 a.m. | 2 views

CVE-2025-10924

A remote code execution (RCE) vulnerability exists in GIMP’s FF file parsing functionality. The flaw stems from improper validation of user-supplied data, leading to an integer overflow before buffer allocation. When a user opens a malicious FF image file, the overflow can cause incorrect memory...

7.8 CVSS | 7.7 AI score | 0.00371 EPSS
Exploits 0 | References 5

CNNVD
added 2025/10/30 12:0 a.m. | 3 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.4.2, which stems from overly lax...

5.1 CVSS | 6.1 AI score | 0.00325 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/28 6:30 p.m. | 4 views

EUVD-2025-36537

Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests...

6.1 AI score | 0.00275 EPSS
Exploits 2 | References 4

RedhatCVE
added 2025/10/28 2:38 a.m. | 6 views

CVE-2025-12207

A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may...

5.5 CVSS | 3.7 AI score | 0.00211 EPSS
Exploits 1 | References 1

CNNVD
added 2025/10/28 12:0 a.m. | 5 views

AntiDupl Link Following Vulnerability

AntiDupl is a program by the individual developer Ihar Yermalayeu that searches for similar and defective images on disk. AntiDupl 2.3.12 and earlier versions are affected by a link following vulnerability in the file AntiDupl.NET.WinForms.exe of the component Delete...

8.5 CVSS | 7.4 AI score | 0.00214 EPSS
Exploits 0 | References 5

CVE
added 2025/10/27 2:2 p.m. | 10 views

CVE-2025-12286

CVE-2025-12286 affects VeePN up to version 1.6.2, specifically the AVService component (C:\Program Files (x86)\VeePN\avservice\avservice.exe). The root cause is an unquoted search path in AVService, enabling a local attacker to exploit the condition with high complexity. Descriptions consistently...

7.3 CVSS | 6.3 AI score | 0.00172 EPSS
Exploits 0 | References 5