CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

EUVD-2026-29911

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud SaaS version. If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd wi...

WordPress Import and export users and customers plugin <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kiemtiendinhau in WordPress Plugin Import and export users and customers versions = 2.0.8...

SUSE SLES15 Security Update : kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1527-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1527-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes one security issue The following security issue was fixed: - CVE-2026-23268:...

SUSE-SU-2026:1468-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy...

Exploit for CVE-2025-15602

CVE-2025-15602-PoC CVE-2025-15602-PoC is a proof of concept f...

CVE-2026-20202

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

CVE-2025-55041

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

EUVD-2025-208607

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

CVE-2025-27535

Exposed ioctl with insufficient access control in the firmware for some IntelR Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable...

PT-2026-3722

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000821)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000821 advisory. kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002965)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002965 advisory. The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service...

CVE-2023-31779

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting XSS. An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature...

CVE-2021-27479

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...

CVE-2022-42455

ASUS EC Tool driver aka d.sys 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local user...

CVE-2019-11446

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...

CVE-2020-10057

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...

CVE-2006-1844

The Debian installer for the 1 shadow 4.0.14 and 2 base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges...