48 matches found
CVE-2026-29646
In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...
CVE-2025-59106
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...
CVE-2025-59106
CVE-2025-59106 concerns the binary that serves the web server for the dormakaba access manager Web UI, which runs with root privileges. The underlying issue is least-privilege violation due to the Web UI binary executing actions with highest privileges, enabling direct command execution at root i...
EUVD-2025-206378
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...
CVE-2025-1384
Least Privilege Violation CWE-272 Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the...
CVE-2025-62382
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...
EUVD-2020-4293
Malware in sbrugna...
EUVD-2025-6173
Malicious code in bioql PyPI...
EUVD-2024-25915
Malicious code in bioql PyPI...
EUVD-2025-6171
Malicious code in bioql PyPI...
EUVD-2025-21287
Malicious code in bioql PyPI...
CVE-2025-8758
A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The...
CVE-2025-8757
A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approa...
CVE-2025-8758 TRENDnet TEW-822DRE vsftpd least privilege violation
A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The...
CVE-2025-8757 TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation
A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approa...
CVE-2025-8757 TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation
A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approa...
CVE-2025-8757
The CVE-2025-8757 entry concerns TRENDnet TV-IP110WN (firmware 1.2.2). Affected component: Embedded Boa Web Server, specifically the /server/boa.conf file. Root cause is described as a least-privilege violation in the manipulated configuration, allowing local attackers to exploit the issue. Explo...
CVE-2025-8181
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
PT-2025-32445 · Vsftpd +1 · Vsftpd +1
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version FW103B02 Description: A vulnerability exists in TRENDnet TEW-822DRE FW103B02, affecting an unknown part of the vsftpd component. The issue results in a least privilege violation. Local access is required for...
CVE-2025-8181
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...