๐จ CVE-2025-43079
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges.
๐@cveNotify
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges.
๐@cveNotify
๐จ CVE-2025-12942
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
๐@cveNotify
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-30398
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
๐@cveNotify
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
๐@cveNotify
๐จ CVE-2025-47179
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59240
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
๐@cveNotify
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
๐@cveNotify
๐จ CVE-2025-59499
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
๐@cveNotify
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2025-59504
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
๐@cveNotify
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
๐@cveNotify
๐จ CVE-2025-59505
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59506
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59507
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59508
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59509
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
๐@cveNotify
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
๐@cveNotify
๐จ CVE-2025-59510
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
๐@cveNotify
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
๐@cveNotify
๐จ CVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
๐@cveNotify
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59512
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2025-59513
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
๐@cveNotify
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
๐@cveNotify
๐จ CVE-2018-11544
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
๐@cveNotify
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
๐@cveNotify
Pastebin
CVE-2018-11544 - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
๐จ CVE-2020-5510
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
๐@cveNotify
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
๐@cveNotify
Exploit Database
Hostel Management System 2.0 - 'id' SQL Injection
Hostel Management System 2.0 - 'id' SQL Injection.. webapps exploit for PHP platform
๐จ CVE-2025-3146
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
Projectworlds Bus Pass Management System V1.0 /view-pass-detail.php SQL injection ยท Issue #1 ยท nabiland/cve
Projectworlds Bus Pass Management System V1.0 /view-pass-detail.php SQL injection NAME OF AFFECTED PRODUCT(S) Bus Pass Management System Vendor Homepage https://phpgurukul.com/bus-pass-management-s...
๐จ CVE-2025-56764
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames.
๐@cveNotify
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames.
๐@cveNotify
GitHub
GitHub - Remenis/CVE-2025-56764: Username Enumeration in Trivision NC-227WF
Username Enumeration in Trivision NC-227WF. Contribute to Remenis/CVE-2025-56764 development by creating an account on GitHub.
๐จ CVE-2025-61830
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.
๐@cveNotify
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security update available for Adobe Pass | APSB25-112