CVE-2020-7358

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...

CVE-2025-13953 Bypass in the authentication method of the GTT Sistema de Información Tributario application

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

EUVD-2020-28508

Malware in sbrugna...

EUVD-2020-25230

Malware in sbrugna...

EUVD-2018-4406

Malware in sbrugna...

UBUNTU-CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

SUSE CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

CVE-2025-53513 Zip slip vulnerability in Juju

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

PT-2025-28634

Name of the Vulnerable Software and Affected Versions: Juju affected versions not specified Description: The issue concerns a lack of sufficient authorization checks in the "/charms" endpoint on a Juju controller, allowing any user with an account to upload a charm. This could be exploited by...

AZL-64449 CVE-2025-32462 affecting package sudo for versions less than 1.9.17-1

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...

CVE-2020-7381

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Securit...

[SECURITY] Fedora 42 Update: openssh-9.9p1-11.fc42

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 40 Update: openssh-9.6p1-2.fc40

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users

A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

Siemens QMS Automotive 安全漏洞

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. A security vulnerability exists in Siemens QMS Automotive version V12.39, which stems from a lack of security controls in the affected application to prevent unencrypted communication without...

SUSE CVE-2017-15047

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service out-of-bounds array index and application crash or possibly have unspecified other impact by leveraging "limited access to the machine."...

wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users

A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...

A Windows 11 Automation Tool Can Easily Be Hijacked

Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first...

USN-5549-1 python-django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...