7 matches found
EUVD-2024-54060
Malicious code in bioql PyPI...
EUVD-2024-34011
Malicious code in bioql PyPI...
CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2025-28410
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges...
CVE-2024-13442
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile...
CVE-2016-4382
CVE-2016-4382 affects HP/HPE Performance Center versions 11.52, 12.00, 12.01, 12.20 and 12.50. The issue allows remote attackers to bypass intended access restrictions via unspecified vectors due to a “remote user validation failure.” Exploitation is described as remote, but concrete attack vecto...
SGI IRIX 5.3 - 'Cadmin' Local Privilege Escalation
source: https://www.securityfocus.com/bid/335/info A vulnerability exists in the chost and cimport programs, as shipped with SGI's Irix 5.x operating system. chost is part of the Cadmin package. By failing to validate the real userid, these programs allow any user to edit protected files, such as...