CVE-2024-39567

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.2 HF1. The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker t...

EUVD-2024-49687

Malicious code in bioql PyPI...

EUVD-2023-42218

Malicious code in bioql PyPI...

PT-2025-31987 · Unknown · Turbo Ftp Server

Name of the Vulnerable Software and Affected Versions: Turbo FTP Server versions 1.30.823 through 1.30.826 Description: Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow in the handling of the PORT command. Sending a specially crafted payload allows a remote, unauthenticat...

CVE-2025-27582

The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege

!/usr/bin/env python3 Exploit Title: Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Windows 11 Version 24H2 for x64-based Systems...

CVE-2024-40521

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admintemplate.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the...

CVE-2023-42682

In gsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 All versions. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting XSS attack that may lead...

CVE-2023-33226

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...

CVE-2023-33227

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges...

CVE-2020-27046

In nfcncifproceeaction of nfcncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

CVE-2020-3854

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges...

CVE-2020-3845

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges...

CVE-2019-15345

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...

CVE-2019-19475

An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation...

CVE-2019-8701

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges...

CVE-2019-8629

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges...

CVE-2019-13035

Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS the current directory a...

CVE-2025-26056

A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands ...