
1564 matches found

Positive Technologies
added 2025/05/16 12:0 a.m., 4 views

PT-2025-21591

Name of the Vulnerable Software and Affected Versions: Wibu CodeMeter versions prior to 8.30a. Description: The issue allows for privilege escalation immediately after installation, before a logoff or reboot, under specific conditions. These conditions include an unprivileged installation with UAC...

CVSS 8.2 | AI score 6.4 | EPSS 0.00069
Exploits: 0 | References: 10
Vulnrichment
added 2025/05/08 9:53 p.m., 8 views

CVE-2025-1329 IBM CICS TX code execution

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function...

CVSS 7.8 | AI score 7.8 | EPSS 0.00042
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/04 9:57 a.m., 18 views

CVE-2025-0072

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Drive...

CVSS 7.8 | AI score 7.2 | EPSS 0.00051
Exploits: 0 | References: 3
Cvelist
added 2025/04/29 4:35 a.m., 21 views

CVE-2025-46343 n8n Vulnerable to Stored XSS through Attachments View Endpoint

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME typ...

CVSS 5 | EPSS 0.0031
Exploits: 0 | References: 4
RedhatCVE
added 2025/04/27 12:8 a.m., 11 views

CVE-2025-32981

NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File...

CVSS 7.1 | AI score 6.7 | EPSS 0.00057
Exploits: 1 | References: 1
Cvelist
added 2025/04/23 3:33 p.m., 15 views

CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

CVSS 9.3 | EPSS 0.12804
Exploits: 1 | References: 3
AlpineLinux
added 2025/04/23 12:0 a.m., 19 views

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim...

CVSS 2.5 | AI score 6.8 | EPSS 0.00042
Exploits: 0
Cvelist
added 2025/04/23 12:0 a.m., 13 views

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim...

CVSS 2.5 | EPSS 0.00042
Exploits: 0 | References: 3
Tenable Nessus
added 2025/04/15 12:0 a.m., 7 views

AIX : Multiple Vulnerabilities (IJ52421)

The version of AIX installed on the remote host is prior to APAR IJ52421. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ52421 advisory. - IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel...

CVSS 5.5 | AI score 5.5 | EPSS 0.00044
Exploits: 0 | References: 4
OSV
added 2025/04/11 2:15 a.m., 4 views

CVE-2025-0120

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also...

CVSS 7 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 1
CVE
added 2025/04/05 12:28 a.m., 47 views

CVE-2025-1500

CVE-2025-1500 affects IBM Maximo Application Suite 9.0 and involves an Unrestricted File Upload vulnerability (CWE-434) that could let an authenticated user upload a file with dangerous types, potentially executable by another user. IBM’s security bulletin states the impact is limited to controll...

CVSS 8 | AI score 6.6 | EPSS 0.00123
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/03/28 7:21 a.m., 19 views

CVE-2023-52972

Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks. Successful exploitation of this vulnerability could lead to termination of some system processes...

CVSS 5.5 | AI score 6.7 | EPSS 0.00005
Exploits: 0 | References: 1
CNVD
added 2025/03/27 12:0 a.m., 4 views

ChuanhuChatGPT Authorization Issue Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An authorization issue vulnerability exists in the ChuanhuChatGPT c91dbfc version, which stems from the reboot server feature not being check...

CVSS 6.5 | AI score 6.8 | EPSS 0.0026
Exploits: 1 | References: 1
Cvelist
added 2025/03/26 10:2 p.m., 8 views

CVE-2025-20226 Risky command safeguards bypass in "/services/streams/search" endpoint through "q" parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

CVSS 5.7 | EPSS 0.00064
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/03/26 2:15 a.m., 64 views

Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356)

Summary: UPDATED Oct 10: Added iFixes with the correct prereqs for VIOS 3.1.2.30 and 3.1.2.40. A vulnerability in the AIX kernel could allow a non-privileged local user to obtain root privileges (CVE-2022-34356). Vulnerability Details: CVEID: CVE-2022-34356. DESCRIPTION: IBM AIX could allow a...

CVSS 8.4 | AI score 7.5 | EPSS 0.00048
Exploits: 0 | Affected Software: 2
NCSC
added 2025/03/20 2:10 p.m., 7 views

Vulnerability fixed in Veeam Backup & Replication

Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...

CVSS 9.9 | AI score 7.8 | EPSS 0.41323
Exploits: 1 | References: 1
CVE
added 2025/03/20 10:10 a.m., 41 views

CVE-2024-0640

CVE-2024-0640 (Chatwoot) describes a stored XSS vulnerability in chatwoot/chatwoot versions 3.0.0 to 3.5.1. An admin can inject malicious JavaScript through the dashboard app settings, which can then be executed by another admin when they access the affected dashboard. The issue has been fixed in...

CVSS 5.6 | AI score 5.3 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/03/15 8:12 a.m., 16 views

CVE-2025-28010

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

CVSS 5.4 | AI score 5.5 | EPSS 0.00189
Exploits: 1 | References: 1
CVE
added 2025/03/11 9:32 p.m., 55 views

CVE-2025-27101

CVE-2025-27101 — Opal filesystem copy path traversal / access control issue: Opal (OBiBa) before version 5.1.1 exposes files from a user’s directory when copying any parent directory to a folder under /temp/. This flaw allows any user (including low-privilege DataShield users) to access files th...

CVSS 8.6 | AI score 6.4 | EPSS 0.00157
Exploits: 0 | References: 2
NVD
added 2025/03/05 10:15 a.m., 7 views

CVE-2025-25015

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2, this is only exploitable by users tha...

CVSS 9.9 | EPSS 0.00997
Exploits: 0 | References: 1