17 matches found
CVE-2020-24159
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0...
EUVD-2022-5243
Malicious code in bioql PyPI...
EUVD-2023-25500
Malicious code in bioql PyPI...
EUVD-2025-6688
Malicious code in bioql PyPI...
EUVD-2023-41867
Malicious code in bioql PyPI...
CVE-2025-53652
Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...
CVE-2025-3227
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...
CVE-2025-41365
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...
CVE-2025-4280
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
Exploit for CVE-2024-32962
Poc-CVE-2024-32962-xml-crypto A simulation of an atta...
The vulnerability of the Date Picker function in Mozilla Firefox and Firefox ESR browsers allows a malicious actor to provide arbitrary permissions and gain unauthorized access to data or functions.
The vulnerability of the Date Picker function in Mozilla Firefox and Firefox ESR browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to provide arbitrary permissions and gain unauthorized access to data or function...
PT-2024-18395 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to v8.1.9 Description: Mattermost fails to check the invite guest permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest...
PT-2023-29119 · Lg · Com.Lge.Abba
Name of the Vulnerable Software and Affected Versions: com.lge.abba affected versions not specified Description: The issue is related to the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set, which can lead to theft and/or over-write of arbitrary files with system...
CVE-2018-14989
The CVE-2018-14989 entry concerns Plum Compass devices where a pre-installed platform app (com.android.settings, versionCode 23) exposes an exported broadcast receiver. This component allows any co-located app to programmatically perform a factory reset without requiring permissions, potentially ...
Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities
source: https://www.securityfocus.com/bid/12428/info Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported: Newsgrab is reported prone to a directory traversal vulnerability. This vulnerabilit...
IBM DB2 db2job - File Overwrite
source: https://www.securityfocus.com/bid/8344/info IBM's DB2 database ships with a utility called db2job, installed with permissions 4550 and owned by root.db2asgrp. It has been reported that db2job writes to a number of files with root privileges. The files written to are created with 0770...
CVE-1999-0129
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file...