11 matches found
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
PT-2025-28558 · Microsoft · Windows Tdx.Sys +1
Name of the Vulnerable Software and Affected Versions: Windows TDX.sys (affected versions not specified). Description: A buffer over-read issue in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer versio...
CVE-2025-27741
CVE-2025-27741 describes an out-of-bounds read in Windows NTFS that allows a local attacker to elevate privileges. The issue is tied to NTFS handling and is mitigated by Microsoft security updates; affected users should apply the latest Windows security updates per MSRC guidance. The connected so...
CVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
PUB-A-306211423
In ppmpprotectbuf of drmfw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-20563
In TBD of ufdtconvert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
Jenkins Buckminster Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier. Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...
CloudBees Jenkins Unauthorized Operation Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and the timed execution of some tasks. An...
ALPINE-CVE-2017-15099
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...
Apple macOS Sierra HFS Restricted Memory Read Privilege Elevation Vulnerability
Apple macOS is an operating system that runs on Apple's Macintosh line of computers. The Apple macOS HFS suffers from a Restricted Memory Read Elevation of Privilege vulnerability, which can be exploited by remote attackers to build malicious applications with elevated privileges...