54 matches found
GHSA-7P5M-V798-F8VV Electerm Local code through electerm's single-instance socket
Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...
EUVD-2019-2433
Malware in sbrugna...
EUVD-2025-19792
Malicious code in bioql PyPI...
CVE-2025-9693
The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess function in all versions up to, and including, 3.1.2. This makes it possible for authenticated...
MAL-2025-15958 Malicious code in book-user-process-protected-execute (npm)
The package book-user-process-protected-execute was found to contain malicious code...
MAL-2025-39769 Malicious code in xi-xml-user-process-fire (npm)
The package xi-xml-user-process-fire was found to contain malicious code...
Malicious code in book-user-process-protected-execute (npm)
The package book-user-process-protected-execute was found to contain malicious code...
Malicious code in xi-xml-user-process-fire (npm)
The package xi-xml-user-process-fire was found to contain malicious code...
CVE-2024-36348
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage...
AMD Processors 安全漏洞
AMD Processors is a processor from Ultraviolet Semiconductor AMD. A security vulnerability exists in AMD Processors that originates from a user process that may infer TSCAUX, potentially leading to information disclosure...
AMD Processors 安全漏洞
AMD Processors is a processor from Ultraviolet Semiconductor AMD. A security vulnerability exists in AMD Processors that originates from a user process that may speculatively infer control registers, potentially leading to information disclosure...
CVE-2025-50054
Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash...
CVE-2025-0073
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver...
CVE-2025-1246 Mali GPU Userspace Driver allows an Out-of-Bounds access
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operation...
CVE-2023-41138
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process...
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...
CVE-2025-0889
CVE-2025-0889 affects BeyondTrust Privilege Management for Windows prior to version 25.2. A local authenticated attacker can elevate privileges on a system that has EPM installed by manipulating COM objects under circumstances where an EPM policy allows automatic privilege elevation of a user pro...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a page mapping exception during zram swapping, which could lead to user process corruption...
CVE-2024-52305
UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...
CVE-2024-49946
CVE-2024-49946 affects the Linux kernel PPP stack. The issue arises in ppp_channel_bridge_input() when packets are backlogged to a socket owned by a user process and the code path can call sk_backlog_rcv()/__release_sock()/release_sock() in process context. This creates an inconsistent lock state...