2242 matches found
CVE-2025-53726 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-53726 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-53724 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-53725 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-53724 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-53724
CVE-2025-53724 is a Windows Push Notifications vulnerability described as a type confusion that allows an authorized, locally authenticated attacker to elevate privileges. The CVE is linked to Windows Push Notifications and is rated with a base score of 7.8 (HIGH) via CVSS 3.1, with attack vector...
CVE-2025-53725
Technical details about CVE-2025-53725 are not provided in the connected documents. Public exposure, affected components, and fixes are not described here; monitor for updates.
CVE-2025-53725 Windows Push Notifications Apps Elevation of Privilege Vulnerability
...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
CVE-2025-54864
CVE-2025-54864 affects Hydra (Nix-based CI) where the endpoints /api/push-github and /api/push-gitea were called without HTTP Basic authentication, despite the forges implementing HMAC with a secret key. The root cause is missing authentication on those calls, enabling heavy evaluations that can ...
CVE-2025-54864 Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...
SQL Injection
z-push/z-push-dev is vulnerable to SQL Injection. The vulnerability is due to unparameterized queries in the IMAP backend’s basic authentication username field, which allows an attacker to inject malicious SQL commands to access, modify, or delete sensitive data from a linked third-party database...
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
Hydra 访问控制错误漏洞
Hydra is a Nix open source continuous integration service based on the Nix project. An access control error vulnerability exists in versions prior to Hydra f7bda02, which stems from the lack of HTTP basic authentication in /api/push-github and /api/push-gitea, which could lead to a denial of...
KLA86584 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service. Below is a complete list of vulnerabilitie...