Client Security Vulnerabilities


CVE-2023-28800

When using local accounts for administration, the redirect URL parameter was not encoded correctly, allowing for an XSS attack providing admin...

CVSS: 8.1 | AI Score: 6 | EPSS: 0.001

2023-06-22 08:15 PM
6

CVE-2023-28956

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: ...

CVSS: 8.4 | AI Score: 7.4 | EPSS: 0.0004

2023-06-22 02:15 AM
30

CVE-2023-1862

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining....

CVSS: 7.3 | AI Score: 7.1 | EPSS: 0.001

2023-06-20 09:15 AM
16

CVE-2022-4149

The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving....

CVSS: 7 | AI Score: 6.6 | EPSS: 0.0004

2023-06-15 07:15 AM
16

CVE-2023-2270

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration...

CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0004

2023-06-15 05:15 AM
14

CVE-2022-31646

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-14 06:15 PM
16

CVE-2022-31644

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-14 06:15 PM
18

CVE-2022-31645

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-14 06:15 PM
17

CVE-2023-29362

Remote Desktop Client Remote Code Execution...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.03

2023-06-14 12:15 AM
125

CVE-2023-29352

Windows Remote Desktop Security Feature Bypass...

CVSS: 6.5 | AI Score: 7.7 | EPSS: 0.001

2023-06-14 12:15 AM
66

CVE-2023-34114

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network...

CVSS: 7.4 | AI Score: 6.3 | EPSS: 0.001

2023-06-13 07:15 PM
48

CVE-2023-34122

Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local...

CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004

2023-06-13 06:15 PM
18

CVE-2023-34113

Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...

CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001

2023-06-13 06:15 PM
38

CVE-2023-28603

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper...

CVSS: 7.7 | AI Score: 6.8 | EPSS: 0.0004

2023-06-13 06:15 PM
17

CVE-2023-34120

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by...

CVSS: 8.7 | AI Score: 8 | EPSS: 0.0004

2023-06-13 06:15 PM
23

CVE-2023-28601

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom...

CVSS: 8.3 | AI Score: 7.1 | EPSS: 0.0005

2023-06-13 06:15 PM
55

CVE-2023-28600

Zoom for MacOS clients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom...

CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.0005

2023-06-13 06:15 PM
23

CVE-2023-28602

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous...

CVSS: 7.7 | AI Score: 7.5 | EPSS: 0.0005

2023-06-13 06:15 PM
25

CVE-2023-34121

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...

CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001

2023-06-13 06:15 PM
25

CVE-2022-31637

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-13 05:15 PM
23

CVE-2022-31639

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-13 05:15 PM
32

CVE-2022-31638

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-13 05:15 PM
32

CVE-2022-31636

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-13 05:15 PM
29

CVE-2022-31635

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...

CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.0004

2023-06-13 05:15 PM
46

CVE-2022-43777

Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004

2023-06-12 08:15 PM
17

CVE-2022-43778

Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004

2023-06-12 08:15 PM
16

CVE-2022-27541

Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004

2023-06-12 07:15 PM
16

CVE-2022-27539

Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information...

CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004

2023-06-12 07:15 PM
19

CVE-2023-31185

ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified...

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001

2023-05-30 08:15 PM
22

CVE-2023-31184

ROZCOM client CWE-798: Use of Hard-coded...

CVSS: 7.8 | AI Score: 8.3 | EPSS: 0.0004

2023-05-30 08:15 PM
20

CVE-2023-2480

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension...

CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.001

2023-05-25 02:15 PM
23

CVE-2023-32303

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

CVSS: 5.5 | AI Score: 5.3 | EPSS: 0.0004

2023-05-12 09:15 PM
31

CVE-2022-33963

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004

2023-05-10 02:15 PM
17

CVE-2023-24461

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS: 7.4 | AI Score: 5.7 | EPSS: 0.001

2023-05-03 03:15 PM
20

CVE-2023-22372

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not...

CVSS: 5.9 | AI Score: 6 | EPSS: 0.001

2023-05-03 03:15 PM
21

CVE-2023-30846

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

CVSS: 9.1 | AI Score: 7.6 | EPSS: 0.003

2023-04-26 09:15 PM
26

CVE-2023-27425

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1...

CVSS: 5.9 | AI Score: 4.9 | EPSS: 0.0005

2023-04-23 11:15 AM
16

CVE-2023-28267

Remote Desktop Protocol Client Information Disclosure...

CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.002

2023-04-11 09:15 PM
79

CVE-2023-25542

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated...

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0004

2023-04-06 07:15 AM
15

CVE-2023-27247

Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege...

CVSS: 4.4 | AI Score: 4.8 | EPSS: 0.0004

2023-03-28 06:15 PM
39

CVE-2023-28596

Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to...

CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004

2023-03-27 09:15 PM
17

CVE-2023-22883

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM...

CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004

2023-03-16 09:15 PM
22

CVE-2023-25968

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8...

CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001

2023-03-15 11:15 AM
24

CVE-2023-0073

The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2023-03-13 05:15 PM
28

CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2023-03-01 07:15 PM
27

CVE-2022-48309

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than...

CVSS: 4.3 | AI Score: 4.6 | EPSS: 0.0005

2023-03-01 07:15 PM
29

CVE-2022-48310

An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than...

CVSS: 5.5 | AI Score: 5.2 | EPSS: 0.0004

2023-03-01 07:15 PM
43

CVE-2022-34386

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive...

CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.0004

2023-02-11 01:23 AM
19

CVE-2022-34385

SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive...

CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.0004

2023-02-11 01:23 AM
20

CVE-2022-34384

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local.....

CVSS: 7.8 | AI Score: 7.5 | EPSS: 0.0004

2023-02-11 01:23 AM
20
Total number of security vulnerabilities: 1374