5025 matches found
JumpServer Security Vulnerability
JumpServer is an open source bastion host from Feizhiyun Information Technology, Hangzhou, China. A security vulnerability exists in JumpServer versions prior to v3.10.20-lts and prior to v4.10.11-lts, which stems from a SuperConnect API endpoint that does not properly restrict acce...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.3, which stems from insecure file and comma...
ThreatFire System Monitor Security Vulnerability
ThreatFire System Monitor is a security protection software from ThreatFire, Inc. A security vulnerability exists in ThreatFire System Monitor version v4.7.0.53, which stems from improper kernel driver access control and could lead to elevation of privilege and execution of arbitrary commands...
Microsoft Azure Event Grid System Access Control Error Vulnerability
Microsoft Azure Event Grid System is a fully managed event routing service system from Microsoft Corporation, USA. The Microsoft Azure Event Grid System is vulnerable to an access control error vulnerability that stems from improper access control and could lead to elevation of privilege. An...
ID Withdrawn
Wazuh File Integrity Monitoring is a file integrity monitoring software from Wazuh USA. A security vulnerability exists in Wazuh File Integrity Monitoring that stems from insufficient synchronization and inadequate final path validation in the threat removal workflow, which could lead to local...
EUVD-2025-35745
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-59500
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network...
PT-2025-43506
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The issue resides in the hasAccountsOnAnyUser function within DevicePolicyManagerService.java. A logic error in the code allows for the addition of a Device Owner after provisioning. This can...
WordPress plugin Academy LMS Security Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress plugin Academy LMS due to the...
WordPress plugin SmartCrawl Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
Fortinet FortiDLP Path Traversal Vulnerability
Fortinet FortiDLP is a data leakage prevention software from the American company Fortinet. Fortinet FortiDLP suffers from a path traversal vulnerability, which stems from the program failing to properly filter special elements in the path of a resource or file, and can be exploited by an...
NETLINK HG322G Security Vulnerability
The NETLINK HG322G is a fiber optic network terminal from NETLINK. A security vulnerability exists in the NETLINK HG322G version V1.0.00, which stems from improper authentication of the web-based management interface, which could allow a remote, unauthenticated attacker to elevate privileges and...
Microsoft Windows SMB Server Access Control Error Vulnerability
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A security vulnerability exists in Microsoft Windows SMB Server that can be exploited by an...
Ivanti Endpoint Manager Deserialization Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a deserialization...
CVE-2025-54267
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileg...
CVE-2025-59292
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
CVE-2025-59230
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally...
CVE-2025-59201
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally...
CVE-2025-55692
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally...
WordPress plugin Lisfinity Core Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...