Lucene search

540 matches found

CVE
added 2025/09/18 9:10 p.m., 11 views

CVE-2025-53947

CVE-2025-53947 affects Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware. The root cause is incorrect default/weak permissions on a data folder, enabling a local attacker with low privileges to modify its content and corrupt sensitive data. The vulnerability is local and requires minim...

CVSS 7.7, AI score 6.2, EPSS 0.00103
Exploits: 0, References: 1

Positive Technologies
added 2025/09/17 12:0 a.m., 4 views

PT-2025-38135

Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.2
Description: A missing Git URL validation in TeamCity allowed credential leakage on Windows systems.
Recommendations: Update TeamCity to version 2025.07.2 or later...

CVSS 7.7, AI score 6.4, EPSS 0.00752
Exploits: 0, References: 5

OSV
added 2025/09/12 11:15 a.m., 2 views

UBUNTU-CVE-2025-27233

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...

CVSS 5.7, AI score 5.8, EPSS 0.0016
Exploits: 0, References: 3

RedhatCVE
added 2025/08/31 12:4 a.m., 3 views

CVE-2024-46917

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g.,...

CVSS 8.1, AI score 7.2, EPSS 0.0022
Exploits: 1, References: 1

RedhatCVE
added 2025/08/31 12:4 a.m., 2 views

CVE-2024-46916

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted, e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file. This can allow code execution and, ...

CVSS 8.1, AI score 7.6, EPSS 0.00343
Exploits: 1, References: 1

OSV
added 2025/08/29 4:15 p.m., 4 views

CVE-2024-46917

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g.,...

CVSS 8.1, AI score 5.8, EPSS 0.0022
Exploits: 1, References: 3

ATTACKERKB
added 2025/08/21 8:15 p.m., 2 views

CVE-2009-20003

Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrit...

CVSS 8.4, AI score 6.4, EPSS 0.0031
Exploits: 0, References: 6

ATTACKERKB
added 2025/08/20 3:39 p.m., 2 views

CVE-2011-10028

The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...

CVSS 8.7, AI score 6.1, EPSS 0.01061
Exploits: 0, References: 6

RedhatCVE
added 2025/07/25 12:26 p.m., 3 views

CVE-2024-12310

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...

CVSS 7, AI score 7.2, EPSS 0.00167
Exploits: 0, References: 1

OpenVAS
added 2025/07/24 12:0 a.m., 1 view

Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Windows

Apache HTTP Server is prone to a vulnerability in...

CVSS 6.3, AI score 6.3, EPSS 0.00662
Exploits: 0, References: 1

NVD
added 2025/07/23 12:15 p.m., 3 views

CVE-2024-12310

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of...

CVSS 7, EPSS 0.00167
Exploits: 0, References: 1

OpenVAS
added 2025/07/17 12:0 a.m., 3 views

aiohttp < 3.12.14 HTTP Request Smuggling Vulnerability - Windows

aiohttp is prone to an HTTP request smuggling vulnerability...

CVSS 7.5, AI score 6.3, EPSS 0.00297
Exploits: 0, References: 1

BDU FSTEC
added 2025/07/11 12:0 a.m., 2 views

The vulnerability of the Universal Print Management Service on the Microsoft Windows operating system allows a perpetrator to increase their privileges.

The vulnerability of the Universal Print Management Service on the Microsoft Windows operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 8.8, AI score 7.2, EPSS 0.0038
Exploits: 0, References: 2

Vulnrichment
added 2025/07/09 10:58 p.m., 10 views

CVE-2025-0141 GlobalProtect App: Privilege Escalation (PE) Vulnerability

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and...

CVSS 8.4, AI score 6.5, EPSS 0.00166
Exploits: 0, References: 1

CNNVD
added 2025/06/20 12:0 a.m., 2 views

OpenVPN ovpn-dco-win Security Vulnerability

OpenVPN ovpn-dco-win is a virtual network adapter on Windows from OpenVPN. A security vulnerability exists in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier, which stems from a kernel driver buffer overflow that could cause a system crash...

CVSS 5.5, AI score 9, EPSS 0.00222
Exploits: 0, References: 4

OpenVAS
added 2025/06/11 12:0 a.m., 9 views

Remote Desktop Client Multiple Vulnerabilities (Jun 2025) - Windows

Remote Desktop Client is prone to multiple vulnerabilities...

CVSS 8.1, AI score 5.9, EPSS 0.01241
Exploits: 1, References: 1

OSV
added 2025/06/10 3:15 p.m., 2 views

CVE-2025-5335

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution...

CVSS 7.8, AI score 5.9, EPSS 0.00177
Exploits: 0, References: 2

Tenable Nessus
added 2025/06/06 12:0 a.m., 8 views

IBM DB2 DoS (7235069) (Windows)

According to its self-reported version number, IBM Db2 is affected by a remote code execution vulnerability as a database administrator of one database may execute code or read/write files from another database within the same instance. Note that Nessus has not tested for this issue but has instea...

CVSS 7.5, AI score 7.3, EPSS 0.00324
Exploits: 0, References: 2

Cvelist
added 2025/06/03 8:9 a.m., 12 views

CVE-2025-46355

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker...

CVSS 7.3, EPSS 0.00136
Exploits: 0, References: 2

OpenVAS
added 2025/06/02 12:0 a.m., 92 views

Roundcube Webmail RCE Vulnerability (Jun 2025) - Windows

Roundcube Webmail is prone to an authenticated remote code execution (RCE) vulnerability via PHP object deserialization...

CVSS 9.9, AI score 8.9, EPSS 0.89163
Exploits: 29, References: 5