CVE Notify
19.2K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2025-15641
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s)
* Product Name: Netskope Client
* Affected Platform: Windows
* Affected Version: All version below R138

πŸŽ–@cveNotify
🚨 CVE-2025-15642
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List (DACLs) on the service object and related registry keys,.
* Product Name: Netskope Client
* Affected Platform: Windows
* Affected Version: All version below R138

πŸŽ–@cveNotify
🚨 CVE-2025-59872
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the Webroot, and the server must be configured to execute the code

πŸŽ–@cveNotify
🚨 CVE-2025-62340
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity

πŸŽ–@cveNotify
🚨 CVE-2026-0019
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-0057
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-0063
In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-0064
In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution privileges needed. User interaction is needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-0071
In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-0081
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

πŸŽ–@cveNotify
🚨 CVE-2026-10094
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.

πŸŽ–@cveNotify
🚨 CVE-2026-10836
Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.

πŸŽ–@cveNotify
🚨 CVE-2026-10837
Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited impact on confidentiality and integrity.

πŸŽ–@cveNotify
🚨 CVE-2026-10839
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or interaction with the interface, resulting in limited impact on confidentiality and integrity.

πŸŽ–@cveNotify
🚨 CVE-2026-11409
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

πŸŽ–@cveNotify
🚨 CVE-2026-11410
An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

πŸŽ–@cveNotify
🚨 CVE-2026-11857
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local authenticated attacker can connect to the local named pipe, obtain the .NET Remoting endpoint, and send specially crafted serialized objects. Successful exploitation results in arbitrary code execution in the context of the update process with NT AUTHORITY\SYSTEM privileges. Network-only exploitation is not possible and local host access with an authenticated user session is required.

πŸŽ–@cveNotify
🚨 CVE-2026-11858
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated low-privileged user can connect to the interface and invoke privileged update methods such as Update(). This allows arbitrary file write and delete operations with SYSTEM privileges and can be used to achieve local privilege escalation.

πŸŽ–@cveNotify
🚨 CVE-2026-11975
Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw()

πŸŽ–@cveNotify
🚨 CVE-2026-12199
A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request (`/SHUTDOWN%20THE%20SERVER`) to terminate the process immediately via `os._exit(0)`. This results in a denial of service, impacting service availability. The issue arises due to insufficient authentication and protection mechanisms for critical server functions.

πŸŽ–@cveNotify