Lucene search
K

220 matches found

RedhatCVE
RedhatCVE
added 2025/07/16 3:2 a.m.4 views

CVE-2025-7619

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...

8.8CVSS7.8AI score0.00754EPSS
Exploits0References1
NVD
NVD
added 2025/07/14 4:15 a.m.14 views

CVE-2025-7619

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...

8.8CVSS0.00754EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/14 3:0 a.m.8 views

CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...

8.8CVSS0.00754EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/14 12:0 a.m.4 views

PT-2025-29415 · Wellchoose · Batchsigncs

Name of the Vulnerable Software and Affected Versions: BatchSignCS affected versions not specified Description: BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running,...

8.8CVSS6.9AI score0.00754EPSS
Exploits0References10
CVE
CVE
added 2025/06/10 5:2 p.m.72 views

CVE-2025-33069

CVE-2025-33069 affects Windows App Control for Business (WDAC). The root cause is improper verification of cryptographic signatures in WDAC, enabling a local attacker to bypass the security feature. The vulnerability is categorized as a security feature bypass with medium severity (CVSS 3.1: Loca...

5.1CVSS5.2AI score0.00286EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.8 views

CVE-2024-54540

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app...

5.5CVSS6AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:14 a.m.13 views

CVE-2024-9949

Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application...

5.8CVSS6.9AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.11 views

CVE-2023-29059

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...

7.8CVSS7AI score0.04373EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.7 views

CVE-2023-2331

Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0...

7.8CVSS7.4AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.5 views

CVE-2023-32351

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges...

7.8CVSS6.3AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.7 views

CVE-2022-40298

Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell...

8.8CVSS7.3AI score0.00587EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.15 views

CVE-2022-34100

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...

8.8CVSS7.1AI score0.01049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.10 views

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...

8.8CVSS7.2AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.12 views

CVE-2022-34101

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack...

7.8CVSS7.6AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.9 views

CVE-2021-25509

A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders...

7.1CVSS6.9AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.9 views

CVE-2020-13885

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application...

7.8CVSS6.9AI score0.00574EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:10 a.m.6 views

CVE-2018-10381

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...

10CVSS7.8AI score0.03701EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 a.m.8 views

CVE-2019-9963

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap...

7.8CVSS7.8AI score0.0141EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 a.m.10 views

CVE-2019-9896

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...

7.8CVSS6.5AI score0.00759EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/06 2:32 p.m.13 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

5.5CVSS7.3AI score0.00408EPSS
Exploits1References6
Rows per page
Query Builder