
23 matches found

ATTACKERKB
added 2026/02/01 12:15 p.m., 2 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

6.4 CVSS, 5.9 AI score, 0.00057 EPSS
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2026/01/09 8:42 a.m., 8 views

CVE-2022-37900

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

7.2 CVSS, 8.1 AI score, 0.01909 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-18377

Malware in sbrugna...

3.2 CVSS, 6.5 AI score, 0.00036 EPSS
Exploits: 0, References: 13
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-41300

Malicious code in bioql PyPI...

5.5 CVSS, 6.3 AI score, 0.00038 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2021-34064

Malicious code in bioql PyPI...

8.2 CVSS, 6.9 AI score, 0.00161 EPSS
Exploits: 1, References: 9
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2023-54042

Malicious code in bioql PyPI...

4.4 CVSS, 5.1 AI score, 0.00029 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-36722

Malicious code in bioql PyPI...

9 CVSS, 5.4 AI score, 0.00213 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-42984

Malicious code in bioql PyPI...

7.8 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 0, References: 1
NVD
added 2025/07/23 12:15 p.m., 3 views

CVE-2025-50127

A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...

8.5 CVSS, 0.0032 EPSS
Exploits: 0, References: 1
NVD
added 2025/07/08 1:15 a.m., 2 views

CVE-2025-42980

SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system...

9.1 CVSS, 0.00645 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 3:36 a.m., 5 views

CVE-2023-28469

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0...

5.5 CVSS, 7 AI score, 0.0016 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 12:23 a.m., 5 views

CVE-2022-46763

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...

8.8 CVSS, 8.7 AI score, 0.00851 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/03/26 10:02 p.m., 7 views

CVE-2025-20226 Risky command safeguards bypass in “/services/streams/search” endpoint through “q” parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

5.7 CVSS, 0.00064 EPSS
Exploits: 0, References: 1
NVD
added 2025/03/05 10:15 a.m., 7 views

CVE-2025-25015

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users tha...

9.9 CVSS, 0.00736 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/02/24 12:00 a.m., 8 views

Siemens SCALANCE W700 Out-of-bounds Write (CVE-2023-2194)

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace data-block0 variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This flaw could allow a local privileged...

6.7 CVSS, 6.9 AI score, 0.0002 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2025/02/05 5:37 a.m., 5 views

CVE-2024-1356

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

7.2 CVSS, 8.2 AI score, 0.00129 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/01/14 5:38 p.m., 14 views

CVE-2025-23052 Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface

Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...

7.2 CVSS, 7.3 AI score, 0.00667 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/12/28 4:58 a.m., 10 views

CVE-2024-43705 GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so)

Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory...

0.00054 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/12/28 4:53 a.m., 19 views

CVE-2024-46972 GPU DDK - Security: Reference count overflow in pvr_sync_rollback_export_fence

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

0.00057 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/12/25 2:47 p.m., 14 views

CVE-2024-47102 IBM AIX denial of service

IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service...

5.5 CVSS, 6.3 AI score, 0.00023 EPSS
Exploits: 0, References: 1