49 matches found
(0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The specific flaw...
CVE-2026-4124
CVE-2026-4124 concerns the Ziggeo WordPress plugin (versions ≤ 3.1.1). The vulnerability arises in the wp_ajax_ziggeo_ajax handler, which only checks a nonce (check_ajax_referer) and lacks capability checks via current_user_can(). The nonce ziggeo_ajax_nonce is exposed to all logged-in users thro...
CVE-2026-4124
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer()) but performs no capability checks via current_user_can(). Furthermore, the nonce 'ziggeo_ajax_nonce' is exposed to all...
CVE-2026-26334
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...
CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...
CVE-2026-26208 ADB Explorer Vulnerable to Remote Code Execution via Insecure Deserialization
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allo...
CVE-2026-26208
CVE-2026-26208 affects ADB Explorer (Windows). It is vulnerable to insecure deserialization via JSON settings file deserialization: the app deserializes App.txt with Json.NET in which TypeNameHandling is set to Objects, enabling a crafted JSON file (for example containing an ObjectDataProvider ga...
PT-2026-8026
Name of the Vulnerable Software and Affected Versions: ADB Explorer versions prior to Beta 0.9.26020. Description: ADB Explorer, a fluent UI for ADB on Windows, contains a flaw due to Insecure Deserialization, potentially leading to Remote Code Execution. The application deserializes the App.txt...
EUVD-2022-29685
Malicious code in bioql PyPI...
EUVD-2024-38672
Malicious code in bioql PyPI...
CVE-2025-43184
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2025-43184
CVE-2025-43184 affects macOS Shortcuts settings handling. The issue involves bypassing sensitive Shortcuts app settings, which was addressed by adding an additional user-consent prompt. Apple patches are available in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, and macOS Sequoia 15.4. The underlyin...
CVE-2025-43184
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.4. A shortcut may be able to bypass sensitive Shortcuts app settings...
CVE-2023-32442
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings...
Realme GT 2 Information Disclosure Vulnerability
Realme GT 2 is a smartphone from the Chinese company Realme. The Realme GT 2 RMX3311 suffers from a security vulnerability in which attackers in physical proximity may be able to gain access to sensitive information through the display-only app settings feature...
CVE-2024-0640
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...
MAL-2024-12091 Malicious code in app-settings-template (npm)
Source: ossf-package-analysis (eb5bad98414af86d07823241157507b0c2c71fb619cb487fb0a126587fa9ae8e). The OpenSSF Package Analysis project identified 'app-settings-template' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...
Malicious code in app-settings-template (npm)
Source: ossf-package-analysis (eb5bad98414af86d07823241157507b0c2c71fb619cb487fb0a126587fa9ae8e). The OpenSSF Package Analysis project identified 'app-settings-template' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...