An insufficient input validation leading to memory overread in Citrix NetScaler ADC and Citrix NetScaler Gateway when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server may allow unauthenticated remote attackers to exfiltrate cookies, session IDs, or passwords from the target application.
A vulnerability in the Microsoft Management Console (MMC) allows remote code execution via social engineering. The attack uses malicious HTML content in .msc file via an embedded ActiveX, exploiting the rendering of Windows' internal Internet Explorer.
An authenticated PHP object deserialization vulnerability in Roundcube Webmail allows authenticated remote attackers to execute OS system commands.
Vite exposes content of non-allowed files using inline&import or raw import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected.
External control of file name or path in Windows NTLMv2 allows an unauthorized attacker to perform spoofing over a network.
The IMF ForceDelete Filter Driver (IMFForceDelete.sys) present in IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files. This module allows a local unprivileged user to delete an arbitrary file, regardless of the current user privileges.
A XML External Entity vulnerability combined with an authenticated OS command injection in SysAid on-prem allows unauthenticated remote attackers to leak arbitrary files wich may lead to the execution of OS system commands.
A heap-based buffer overflow exists in the vkrnlintvsp.sys driver within the VkiRootAdjustSecurityDescriptorForVmwp(). The issue occurs due to improper validation of a user-controlled Dacl->AclSize value when calculating a memory allocation size.
Veeam Backup and Replication deserialization of Veeam.Backup.EsxManager.xmlFrameworkDs .NET class type allows authenticated remote attackers to execute system commands in the context of the NT AUTHORITY\SYSTEM user.
This module exploits an authentication bypass vulnerability in the CrushFTP WebInterface. Versions affected include 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0. The vulnerability allows an unauthenticated attacker to bypass login by crafting a forged CrushAuth cookie and abusing the Authorization header. If a valid username is known (e.g., crushadmin), the attacker can: Retrieve a full list of users via getUserList.