2274 matches found

CVE
added 2025/08/01 12:0 a.m. · 27 views

CVE-2023-44976

The CVE-2023-44976 entry describes a local privilege escalation in Hangzhou Shunwang Rentdrv2 (pre-2024-12-24) where a local user can terminate EDR processes via DeviceIoControl with control code 0x22E010, with exploitation observed in October 2023. Public sources in connected documents corrobora...

CVSS 3.2 · AI score 7 · EPSS 0.00165
Exploits 0 · References 2

Cvelist
added 2025/08/01 12:0 a.m. · 13 views

CVE-2023-44976

Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023...

CVSS 3.2 · EPSS 0.00165
Exploits 0 · References 2

Positive Technologies
added 2025/08/01 12:0 a.m. · 8 views

PT-2025-31640 · Hangzhou Shunwang · Hangzhou Shunwang Rentdrv2

Name of the Vulnerable Software and Affected Versions: Hangzhou Shunwang Rentdrv2 versions prior to 2024-12-24. Description: Hangzhou Shunwang Rentdrv2 is susceptible to a local privilege escalation issue. An attacker can terminate Endpoint Detection and Response (EDR) processes using a...

CVSS 3.2 · AI score 7.5 · EPSS 0.00165
Exploits 0 · References 6

OSSF Malicious Packages
added 2025/07/31 7:38 p.m. · 2 views

Malicious code in processes-widget-fe-commons (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

Gitee
added 2025/07/27 3:14 a.m. · 86 views

pentest-wiki

This repository is an online security knowledge library for pentesters/researchers, providing information on various topics related to information gathering. The repository contains documentation on how to gather whois and DNS information, as well as Linux system architecture, processes, and user...

AI score 6.8
Exploits 0

Tenable Nessus
added 2025/07/21 12:0 a.m. · 4 views

EulerOS 2.0 SP12 : screen (EulerOS-SA-2025-1841)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when...

CVSS 5.7 · AI score 5.8 · EPSS 0.00167
Exploits 0 · References 2

Tenable Nessus
added 2025/07/21 12:0 a.m. · 3 views

EulerOS 2.0 SP12 : screen (EulerOS-SA-2025-1840)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when...

CVSS 5.7 · AI score 5.8 · EPSS 0.00167
Exploits 0 · References 2

OSV
added 2025/07/17 6:15 p.m. · 1 views

CVE-2025-51497

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGuard verbosely logged each URL that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22...

CVSS 5.5 · AI score 5.7 · EPSS 0.00135
Exploits 0 · References 3

Cvelist
added 2025/07/17 12:0 a.m. · 18 views

CVE-2025-51497

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGuard verbosely logged each URL that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22...

EPSS 0.00135
Exploits 0 · References 3

CNVD
added 2025/07/17 12:0 a.m. · 3 views

Google Pixel Buffer Overflow Vulnerability (CNVD-2025-16956)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking, which allows out-of-bounds reads of memory and can be exploited by an attacker to run arbitrary code in the context of an...

CVSS 4.4 · AI score 7.8 · EPSS 0.00105
Exploits 0 · References 1

Packet Storm News
added 2025/07/15 12:0 a.m. · 2 views

Secure Goal-Oriented Communication: Defending against Eavesdropping Timing Attacks

Goal-oriented Communication (GoC) is a new paradigm that plans data transmission to occur only when it is instrumental for the receiver to achieve a certain goal. This leads to the advantage of reducing the frequency of transmissions significantly while maintaining adherence to the receiver's...

AI score 6.6
Exploits 0

Debian CVE
added 2025/07/13 10:27 p.m. · 5 views

CVE-2025-1735

In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

CVSS 7.5 · AI score 7.2 · EPSS 0.00953
Exploits 0

BDU FSTEC
added 2025/07/10 12:0 a.m. · 5 views

The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.

The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by sending specially crafted HTTP requests remotely...

CVSS 6.4 · AI score 5.4
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/07/07 3:15 p.m. · 2 views

CVE-2025-6712

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 1

OSV
added 2025/07/07 3:15 p.m. · 1 views

UBUNTU-CVE-2025-6712

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

CVSS 6.5 · AI score 5.7 · EPSS 0.00276
Exploits 0 · References 3

MongoDB
added 2025/07/07 2:45 p.m. · 8 views

MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

CVSS 6.5 · AI score 7 · EPSS 0.00276
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/07/07 12:0 a.m. · 3 views

PT-2025-28171

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.0.10. Description: The issue is related to inefficiencies in memory management within internal operations of the MongoDB Server. When certain internal processes take longer than expected, memory consumption c...

CVSS 6.8 · AI score 6.5 · EPSS 0.00276
Exploits 0 · References 11

NVD
added 2025/07/03 9:15 a.m. · 7 views

CVE-2025-38141

In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones. If dm_get_live_table returned NULL, dm_put_live_table was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the...

CVSS 7.8 · EPSS 0.00159
Exploits 0 · References 3

CNNVD
added 2025/06/27 12:0 a.m. · 4 views

Nix, Lix and GNU Guix Security Vulnerability

GNU Guix is a product of the U.S. GNU community. GNU Guix is an open source, cross-platform package manager. Lix is a product of the Lix open source project. Lix is a package manager. Nix is a product of the Nix open source project. Nix is a powerful package...

CVSS 3.2 · AI score 6.4 · EPSS 0.00144
Exploits 0 · References 6

Positive Technologies
added 2025/06/24 12:0 a.m. · 2 views

PT-2025-32187 · "Вебсофт Девелопмент" · Websoft Hcm

The vulnerability in the Websoft HCM HR process automation software is related to insufficient validation of input data. Exploitation of the vulnerability may allow a remote attacker to disclose protected information...

CVSS 9 · AI score 7.3
Exploits 0 · References 2