30 matches found
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...
CVE-2026-3775
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...
EUVD-2026-17751
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...
CVE-2026-3775 Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...
CVE-2026-3775
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...
PT-2026-29435
Name of the Vulnerable Software and Affected Versions The application affected versions not specified Description The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low-privileged users and is not...
EUVD-2026-17534
A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...
CVE-2026-20613
The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...
PT-2025-50135
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to execute arbitrary code. The MailEnable administrative executable attempts to load MEAINFY.D...
CVE-2025-52565
CVE-2025-52565 affects moby-runc (and thus the runc runtime) with versions less than 1.2.8-1. Affected component is the bind-mount of /dev/pts/$n to /dev/console, leading to container escapes or denial of service via writable gadget exposure. The connected MARINER advisories confirm an upgraded p...
CVE-2025-52565
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...
SUSE CVE-2025-52565
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...
CVE-2025-35055
Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...
CVE-2025-35055 Newforma Info Exchange (NIX) insecure file upload
Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...