CVE-2025-43858 YoutubeDLSharp allows command injection on windows system due to non sanitized arguments

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...

Erlang/OTP Installed (Windows)

Binary data ericcsonerlangotpwininstalled.nbin...

VLC Media Player < 3.0.20 DoS Vulnerability (Apr 2025) - Windows

VLC Media Player is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-2782 WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory

The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from...

CVE-2025-2781 WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client...

CVE-2024-10047

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /openfile endpoint...

CVE-2024-10047

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /openfile endpoint...

CVE-2024-10047 Directory Listing Vulnerability in parisneo/lollms-webui

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /openfile endpoint...

CVE-2024-10047

CVE-2024-10047 affects parisneo/lollms-webui, versions from v9.9 to the latest. The issue is a directory listing vulnerability exposed via the /open_file endpoint, allowing an attacker to enumerate arbitrary directories on a Windows system. The vulnerability details across connected sources confi...

CVE-2025-1683

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links...

CVE-2025-1683 Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links...

CVE-2025-20206

A vulnerability in the interprocess communication IPC channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This...

VMware Workstation Multiple Vulnerabilities (VMSA-2025-0004) - Windows

VMware Workstation is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:workstation";...

Python Improper Encoding of Output Vulnerability (Feb 2025) - Windows

Python is prone to an improper encoding of output vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

LibreOffice Improper Input Validation Vulnerability (Feb 2025) - Windows

LibreOffice is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Rclone Installed (Windows)

Binary data rclonewininstalled.nbin...

CVE-2025-22890

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained...

CVE-2025-23236

CVE-2025-23236 is part of multiple vulnerabilities in Defense Platform Home Edition (Ver.3.9.51.x and earlier). The issue is a buffer overflow in DeviceIoControl that could allow an attacker to obtain SYSTEM privileges on Windows. Other CVEs in the same advisory (e.g., CVE-2025-20094, CVE-2025-22...

CVE-2025-22890

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained...

CVE-2025-0065

Improper Neutralization of Argument Delimiters in the TeamViewerservice.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection...