#vulnerability

The EVE X1/X5 server suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters.

A vulnerability exists in Streamlabs Desktop where importing a crafted .overlay file can cause uncontrolled CPU consumption, leading to a denial-of-service condition. The .overlay file is an archive containing a config.json configuration. By inserting an excessively large string into the name attribute of a scene object within config.json, the application's renderer process (Frameworks/Streamlabs Desktop Helper (Renderer).app) spikes to over 150% CPU and becomes unresponsive. This forces the victim to terminate the application manually, resulting in loss of availability. An attacker could exploit this by distributing malicious overlay files to disrupt streaming operations.

### Impact _What kind of vulnerability is it? Who is impacted?_ An unauthenticated attacker can exploit this vulnerability to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the Milvus cluster. This grants the attacker the ability to read, modify, or delete data, and to perform privileged administrative operations such as database or collection management. All users running affected Milvus versions are strongly advised to upgrade immediately. ### Patches _Has the problem been patched? What versions should users upgrade to?_ This issue has been fixed in the following versions: • Milvus 2.4.24 • Milvus 2.5.21 • Milvus 2.6.5 Users should upgrade to these patched versions or later to mitigate the vulnerability. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ If immediate upgrade is not possible, a temporary mitigation can be applied by removing the sourceID header from all in...

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

About Remote Code Execution – Microsoft SharePoint “ToolShell” (CVE-2025-49704) vulnerability. This vulnerability is from the Microsoft’s July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. Deserialization of untrusted data in the DataSetSurrogateSelector class leads to remote code execution in the context of the SharePoint […]

CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Spectrum Power 4 Vulnerabilities: Incorrect Use of Privileged APIs, Incorrect Privilege Assignment, Incorrect Permission Assignment for Critical Resource, Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Spectrum Power 4: Versions prior to V4.70 S...