531 matches found
NewStart CGSL MAIN 7.02 : fapolicyd Vulnerability (NS-SA-2025-0139)
The remote NewStart CGSL host, running version MAIN 7.02, has fapolicyd packages installed that are affected by a vulnerability: - A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not...
CVE-2025-33109
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions...
CVE-2025-52969
...
CVE-2025-52969
CVE-2025-52969 is described in connected Red Hat and other sources as affecting ClickHouse 25.7.1.557, where low-privileged users can execute shell commands by querying existing Executable() tables created by higher-privileged users. The vulnerability stems from missing access control that preven...
CVE-2025-52969
...
CVE-2025-49580
XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...
CVE-2025-47167
Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2024-13089
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
CVE-2024-9062
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
CVE-2024-9062 macOS Archify: Local Privilege Escalation
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...
PT-2025-25173 · Archify · Archify
Name of the Vulnerable Software and Affected Versions: Archify affected versions not specified Description: The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations...
PT-2025-24647 · Nozomi Networks · Nozomi Networks Guardian +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: An OS command injection issue exists within the update functionality, potentially allowing authenticated administrators to execute unauthorized arbitrary OS command...
CVE-2025-21479
CVE-2025-21479 is a memory corruption vulnerability in Qualcomm Adreno GPU drivers caused by unauthorized command execution in a GPU micronode during a specific command sequence. Public details indicate it affects Adreno A7xx devices (e.g., Snapdragon 8 Gen 1+ era) and can enable kernel memory re...
CVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2025-20297
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...
PT-2025-23542 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.2 Splunk Enterprise versions prior to 9.3.4 Splunk Enterprise versions prior to 9.2.6 Splunk Cloud Platform versions prior to 9.3.2411.102 Splunk Cloud Platform versions prior to 9.3.2408.111 Splunk Clo...
CVE-2024-1687
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...
CVE-2024-9578
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...
CVE-2023-28000
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...
CVE-2023-44116
Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized...