Freedom Coder

Freedom Coder @freedom-coder

About: love coding.

Joined: Apr 17, 2025

Articles - 250 total

CVE-2024-30051: Microsoft DWM Core Library Privilege Escalation Vulnerability

Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

Jan 14

CVE-2026-20805: Microsoft Windows Information Disclosure Vulnerability

Microsoft Windows Desktop Window Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

Jan 14

CVE-2025-8110: Gogs Path Traversal Vulnerability

Gogs contains a path traversal vulnerability involving improper symbolic link handling in the PutContents API that could allow for code execution.

Jan 12

CVE-2022-26871: Trend Micro Apex Central Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

Jan 9

CVE-2009-0556: Microsoft Office PowerPoint Code Injection Vulnerability

Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.

Jan 7

CVE-2022-42475: Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Jan 2

CVE-2023-27997: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

Jan 2

CVE-2013-3993: IBM InfoSphere BigInsights Invalid Input Vulnerability

Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.

Dec 31 '25

CVE-2022-47986: IBM Aspera Faspex Code Execution Vulnerability

IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

Dec 31 '25

CVE-2025-14847: MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability

MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client.

Dec 29 '25

The Silent Pandemic: How Viral File Spread Threatens Our Digital Safety and How to Fight Back

In today’s hyper-connected world, a new kind of pandemic spreads not through the air but through our...

Dec 27 '25

CVE-2020-12812: Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

Dec 25 '25

CVE-2019-10758: MongoDB mongo-express Remote Code Execution Vulnerability

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method.

Dec 24 '25

CVE-2023-52163: Digiever DS-2105 Pro Missing Authorization Vulnerability

Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.

Dec 22 '25

CVE-2021-26084: Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability

Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

Dec 22 '25

CVE-2022-26318: WatchGuard Firebox and XTM Appliances Arbitrary Code Execution

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.

Dec 22 '25

CVE-2023-22518: Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

Dec 22 '25

CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Dec 22 '25

CVE-2023-38035: Ivanti Sentry Authentication Bypass Vulnerability

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Dec 22 '25

CVE-2022-23176: WatchGuard Firebox and XTM Privilege Escalation Vulnerability

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.

Dec 22 '25

CVE-2025-9242: WatchGuard Firebox Out-of-Bounds Write Vulnerability

WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code.

Dec 22 '25

CVE-2025-62215: Microsoft Windows Race Condition Vulnerability

Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.

Dec 22 '25

CVE-2025-12480: Gladinet Triofox Improper Access Control Vulnerability

Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.

Dec 22 '25

CVE-2025-64446: Fortinet FortiWeb Path Traversal Vulnerability

Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Dec 22 '25

CVE-2025-58034: Fortinet FortiWeb OS Command Injection Vulnerability

Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Dec 22 '25

CVE-2025-13223: Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.

Dec 22 '25

CVE-2025-61757: Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability

Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.

Dec 22 '25

CVE-2021-26829: OpenPLC ScadaBR Cross-site Scripting Vulnerability

OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm.

Dec 22 '25

CVE-2025-48572: Android Framework Privilege Escalation Vulnerability

Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Dec 22 '25

CVE-2025-48633: Android Framework Information Disclosure Vulnerability

Android Framework contains an unspecified vulnerability that allows for information disclosure.

Dec 22 '25