The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an...
7.8CVSS
7.6AI Score
0.0004EPSS
A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of...
7.8CVSS
8AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been.....
7.8CVSS
8AI Score
0.0005EPSS
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and...
8.8CVSS
8.6AI Score
0.001EPSS
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and...
6.5CVSS
6.3AI Score
0.001EPSS
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file...
5.5CVSS
5.5AI Score
0.0004EPSS
6.6CVSS
6.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration...
5.8AI Score
0.001EPSS
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages"...
6.5AI Score
0.001EPSS
The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the...
6.5CVSS
6.3AI Score
0.001EPSS
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related...
8.1CVSS
7.9AI Score
0.001EPSS
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network...
6.1CVSS
6AI Score
0.001EPSS
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
6.1CVSS
6AI Score
0.001EPSS
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...
7.8CVSS
7.7AI Score
0.001EPSS
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with...
6.6CVSS
6.6AI Score
0.0004EPSS
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary...
7.8CVSS
7.6AI Score
0.0004EPSS
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM...
6.7CVSS
6.6AI Score
0.0004EPSS
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to.....
7.8CVSS
7.5AI Score
0.0004EPSS
6.1CVSS
6AI Score
0.001EPSS
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file...
8.8CVSS
8.6AI Score
0.003EPSS
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior...
6.1CVSS
6.1AI Score
0.001EPSS
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the...
8.1CVSS
8AI Score
0.001EPSS
Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege...
7.8CVSS
7.6AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to...
7.3AI Score
0.002EPSS
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing...
6.9AI Score
0.0004EPSS