19 matches found
CVE-2025-14489
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
PT-2025-34654 · D Link · Dsl-7740C
Name of the Vulnerable Software and Affected Versions: D-Link DSL-7740C versions DSL7740C.V6.TR069.20211230. Description: An incorrect access control issue exists in the Maintenance module. Authenticated attackers with low-level privileges can arbitrarily change high-privileged account passwords a...
Linux Distros Unpatched Vulnerability : CVE-2023-21987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior t...
Linux Distros Unpatched Vulnerability : CVE-2023-21889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior t...
CVE-2025-46849
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Linux Distros Unpatched Vulnerability : CVE-2020-14846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily...
Linux Distros Unpatched Vulnerability : CVE-2025-21501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and pri...
PT-2025-6362 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker...
PT-2025-6358 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker...
CVE-2024-9766
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
PT-2024-6959 · Adobe · Magento Open Source +1
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier; Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. Description: The issue is related to an Improper Access Control vulnerability that...
PT-2023-9608 · Oracle · Peoplesoft Enterprise Elm Enterprise Learning Management
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise ELM Enterprise Learning Management version 9.2. Description: The issue is related to a vulnerability in the authorization procedure of the Enterprise Learning Management component. This vulnerability allows a low-privileg...
PT-2023-4024 · Oracle · Oracle Hyperion Workspace
Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Workspace version 11.2.13.0.000. Description: The issue is related to insecure privilege management in the UI and Visualization component of Oracle Hyperion Workspace. It allows a low-privileged attacker with network access via...
PT-2023-22062 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 20.2R3-S5 through 20.2R3-S6; Juniper Networks Junos OS versions 20.3R3-S2 through 20.3R3-S5; Juniper Networks Junos OS versions 20.4R3-S1 through 20.4R3-S4; Juniper Networks Junos OS versions 21.1R3 through...
CVE-2021-34854
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2019-11489
CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...
Unitrends UEB 10.0 - Root Remote Code Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
WordPress Gym Management System 07-05-2017 Code Execution / Cross Site Scripting
Exploit Title: WPGYM - Wordpress Gym Management System Member View Add weight Upload image shell.png.php Save Measurement An alert will warn you about incorrect file type but it will still upload it. Go to Workouts View Measurement Right Click on Image View Image or Copy Image URL Paste on your...
CVE-2017-10078 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). (BSA-2017-403)
Security Advisory ID: BSA-2017-403. Component: Java. Revision: 3.0: Final. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low-privileged attacker with network access...