EUVD-2026-32902

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

PT-2026-34335

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them ...

GHSA-P443-P7W5-2F7F OliveTin's RestartAction always runs actions as guest

Summary An authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookie...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001952)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001952 advisory. The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mountin...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000948)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000948 advisory. The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a...

CVE-2019-12792

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root...

OESA-2025-2880 usbmuxd security update

usbmuxd is a socket daemon to multiplex connections from and to iOS devices.It allows multiple services on the device to be accessed simultaneously. Security Fixes: A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before...

CVE-2025-65199

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

CVE-2025-64064

Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...

Dell CloudLink 安全漏洞

Dell CloudLink is a data encryption and key management system from Dell USA. An elevation of privilege vulnerability exists in Dell CloudLink, which could be exploited by an attacker to gain access to a database and obtain confidential information...

EUVD-2001-0753

Malware in sbrugna...

EUVD-2017-16510

Malware in sbrugna...

EUVD-2018-0821

Malware in sbrugna...

EUVD-2020-17175

Malware in sbrugna...

EUVD-2019-4374

Malware in sbrugna...

EUVD-2019-5606

Malware in sbrugna...

EUVD-2024-25915

Malicious code in bioql PyPI...

EUVD-2021-8839

Malicious code in bioql PyPI...

EUVD-2022-33191

Malicious code in bioql PyPI...

EUVD-2022-5933

Malicious code in bioql PyPI...