832 matches found
Security Notice: Rowhammer - July 2025
NVIDIA has released this security notice in response to customer inquiries about potential impacts to NVIDIA GPUs from Rowhammer attacks. Go to NVIDIA Product Security. Details NVIDIA has received new research related to the industry-wide DRAM issue known as “Rowhammer”. The research demonstrates...
CVE-2025-6805
Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The...
📄 Microsoft AutoUpdate Privilege Escalation
Microsoft AutoUpdate MAU suffers from a privilege escalation vulnerability. Titles: CVE-2025-47968-Core-Logic Microsoft AutoUpdate MAU Elevation of Privilege Vulnerability Author: nu11secur1ty Date: 07/03/2025 Vendor: https://www.microsoft.com/en-us Software:...
CVE-2025-49144
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...
CVE-2025-49144
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...
PT-2025-26637
Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.8.1 and prior Description Notepad++ is a free and open-source source code editor. A privilege escalation flaw exists in the Notepad++ installer versions 8.8.1 and prior due to insecure executable search paths. This allows...
Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax
CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...
About Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400) vulnerability
About Elevation of Privilege - Microsoft DWM Core Library CVE-2025-30400 vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successf...
A Red Teaming Roadmap Towards System-Level Safety
Large Language Model LLM safeguards, which implement request refusals, have become a widely adopted mitigation strategy against misuse. At the intersection of adversarial machine learning and AI safety, safeguard red teaming has effectively identified critical vulnerabilities in state-of-the-art...
ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download
This module exploits a path traversal vulnerability CVE-2023-27856 in ThinManager use auxiliary/gather/thinmanagertraversaldownload msf auxiliarythinmanagertraversaldownload show actions ...actions... msf auxiliarythinmanagertraversaldownload set ACTION msf auxiliarythinmanagertraversaldownload...
ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete
This module exploits a path traversal vulnerability CVE-2023-2915 in ThinManager use auxiliary/admin/networking/thinmanagertraversaldelete msf auxiliarythinmanagertraversaldelete show actions ...actions... msf auxiliarythinmanagertraversaldelete set ACTION msf auxiliarythinmanagertraversaldelete...
CVE-2024-13917
An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...
CVE-2024-13917 Intent Injection in Kruger&Matz AppLock application
An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...
CVE-2024-13917 Intent Injection in Kruger&Matz AppLock application
An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...
CVE-2024-9154
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 2633...
CVE-2023-28354
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call checknrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...
CVE-2023-21370
In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21310
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-20774
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228...
CVE-2023-20733
In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149...