13 matches found

OSV
added 2026/05/14 8:29 p.m. · 6 views

GHSA-7P5M-V798-F8VV Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

CVSS 9.3 · AI score 6.2 · EPSS 0.00114
Exploits 0 · References 2
Github Security Blog
added 2026/05/14 8:29 p.m. · 11 views

Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

CVSS 9.3 · AI score 6.2 · EPSS 0.00114
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/05/14 12:0 a.m. · 11 views

PT-2026-41182

Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.8 Description A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...

CVSS 9.3 · AI score 6.2 · EPSS 0.00114
Exploits 0 · References 8
NVD
added 2026/04/06 9:16 p.m. · 2 views

CVE-2026-34972

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper...

CVSS 8.8 · EPSS 0.00211
Exploits 0 · References 1
EUVD
added 2026/03/25 6:31 p.m. · 2 views

EUVD-2026-15805

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVSS 5.7 · AI score 5.9 · EPSS 0.0018
Exploits 0 · References 2
RedhatCVE
added 2025/11/01 12:4 p.m. · 5 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4 · AI score 6.6 · EPSS 0.00568
Exploits 0 · References 1
FreeBSD
added 2025/10/17 12:0 a.m. · 14 views

minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS

minio reports: A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...

CVSS 8.1 · AI score 7.2 · EPSS 0.00523
Exploits 1 · References 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 4 views

PT-2024-31735 · Solarwinds · Serv-U

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a Cross Site Scripting XSS vulnerability. An authenticated attacker, with the same permissions as the users, can modify a variable wi...

CVSS 4.8 · AI score 6.1 · EPSS 0.00825
Exploits 0 · References 5
Schneier on Security
added 2024/03/28 11:5 a.m. · 20 views

Hardware Vulnerability in Apple’s M-Series Chips

It's yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s...

AI score 7
Exploits 0
CNVD
added 2018/12/17 12:0 a.m. · 4 views

Cloud Foundry UAA has an unspecified vulnerability (CNVD-2019-43846)

Cloud Foundry UAA is an authentication and managed service endpoint for the Cloud Foundry cloud platform from the Cloud Foundry Foundation. A security vulnerability exists in Cloud Foundry UAA. An attacker could exploit the vulnerability to obtain account tokens with the same username...

CVSS 8.8 · AI score 7 · EPSS 0.01782
Exploits 0 · References 1
ATTACKERKB
added 2017/12/12 9:29 p.m. · 0 views

CVE-2017-11907

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

CVSS 7.6 · AI score 5.5 · EPSS 0.68491
Exploits 28 · References 5
OSV
added 2017/07/11 5:29 p.m. · 3 views

CVE-2017-10600

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

CVSS 5.9 · AI score 5.8 · EPSS 0.00286
Exploits 0 · References 1
OpenVAS
added 2012/08/15 12:0 a.m. · 20 views

Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)

This host is missing an important security update according to Microsoft Bulletin MS12-059. OpenVAS Vulnerability Test $Id: secpodms12-059.nasl 5963 2017-04-18 09:02:14Z teissa $ Microsoft Office Visio/Viewer Remote Code Execution Vulnerability 2733918 Authors: Antu Sanadi Copyright: Copyright c...

CVSS 9.3 · AI score 0.5 · EPSS 0.24151
Exploits 0 · References 4