120967 matches found

Positive Technologies
added 2026/01/26 12:0 a.m. | 8 views

PT-2026-4777

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and...

CVSS 8.5 | AI score 6.1 | EPSS 0.00172
Exploits: 0 | References: 4

CNNVD
added 2026/01/26 12:0 a.m. | 6 views

vm2 security vulnerabilities

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.2 have security vulnerabilities; these vulnerabilities stem from Promise callback cleanup mechanisms...

CVSS 10 | AI score 7.8 | EPSS 0.01222
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/26 12:0 a.m. | 6 views

RHEL 9 : gnupg2 (RHSA-2026:1229)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1229 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

CVSS 7.8 | AI score 6.3 | EPSS 0.00129
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/26 12:0 a.m. | 4 views

GLSA-202601-03 : GIMP: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202601-03 (GIMP: Arbitrary Code Execution). A vulnerability has been discovered in GIMP. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...

CVSS 7.8 | AI score 5.9 | EPSS 0.00452
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/26 12:0 a.m. | 4 views

GLSA-202601-05 : Commons-BeanUtils: Arbitary Code Execution

The remote host is affected by the vulnerability described in GLSA-202601-05 (Commons-BeanUtils: Arbitary Code Execution). Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...

CVSS 8.8 | AI score 5.9 | EPSS 0.01495
Exploits: 1 | References: 3

CNNVD
added 2026/01/26 12:0 a.m. | 4 views

Hiawatha security vulnerabilities

Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by a double release in the XSLT...

CVSS 6.5 | AI score 6.3 | EPSS 0.00344
Exploits: 0 | References: 2

CNNVD
added 2026/01/26 12:0 a.m. | 6 views

Micron Crucial Storage Executive code-related vulnerabilities

Micron Crucial Storage Executive is a solid-state drive management tool developed by the American company Micron. Versions of Micron Crucial Storage Executive prior to 11.08.082025.00 contained a code vulnerability. This vulnerability stemmed from a DLL preloading vulnerability in the installer,...

CVSS 7.1 | AI score 6.1 | EPSS 0.00185
Exploits: 0 | References: 3

Gentoo Linux
added 2026/01/26 12:0 a.m. | 11 views

Commons-BeanUtils: Arbitary Code Execution

Background: Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs. Description: Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact: A special BeanIntrospector class was added in...

CVSS 8.8 | AI score 5.8 | EPSS 0.01495
Exploits: 1

ATTACKERKB
added 2026/01/25 2:1 p.m. | 2 views

CVE-2020-36937

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...

CVSS 8.5 | AI score 6.1 | EPSS 0.00119
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/01/25 2:1 p.m. | 13 views

CVE-2020-36937

The CVE-2020-36937 entry concerns Microvirt MEMU Play 3.7.0, where the MEmusvc Windows service has an unquoted service path. This allows a local attacker to potentially execute arbitrary code by injecting a malicious executable placed in the unquoted path, with elevated LocalSystem privileges. Do...

CVSS 8.5 | AI score 5.9 | EPSS 0.00119
Exploits: 0 | References: 3

EUVD
added 2026/01/25 2:1 p.m. | 4 views

EUVD-2026-4636

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...

CVSS 8.5 | AI score 5.9 | EPSS 0.00119
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/25 2:1 p.m. | 3 views

CVE-2020-36937 MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...

CVSS 8.5 | AI score 6.1 | EPSS 0.00119
Exploits: 0 | References: 3

CNNVD
added 2026/01/25 12:0 a.m. | 4 views

KMSpico code-related vulnerabilities

KMSpico is a Windows operating system and Office software cracking tool developed by KMSpico Corporation. Version KMSpico 17.1.0.0 has a code vulnerability that stems from the lack of quotation marks around service paths, which may allow for the execution of arbitrary code...

CVSS 8.5 | AI score 6.1 | EPSS 0.0015
Exploits: 0 | References: 3

CNNVD
added 2026/01/25 12:0 a.m. | 5 views

HTC IPTInstaller code-related vulnerabilities

HTC IPTInstaller is a Windows platform tool plugin developed by HTC Corporation in the United States. Version 4.0.9 of HTC IPTInstaller contains a code vulnerability; this vulnerability stems from the service path not being enclosed in quotes, which may allow for the execution of arbitrary code...

CVSS 8.5 | AI score 6.1 | EPSS 0.00154
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/24 3:17 a.m. | 5 views

CVE-2026-0781

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

CVSS 8.8 | AI score 6.5 | EPSS 0.01497
Exploits: 0 | References: 1

Cvelist
added 2026/01/24 12:46 a.m. | 32 views

CVE-2026-24403 iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

CVSS 7.1 | EPSS 0.00395
Exploits: 1 | References: 3

CNNVD
added 2026/01/24 12:0 a.m. | 5 views

iccDEV input validation error vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflow in the CIccProfile::CheckHeader function,...

CVSS 8.8 | AI score 6.2 | EPSS 0.00395
Exploits: 1 | References: 4

NVD
added 2026/01/23 5:15 p.m. | 13 views

CVE-2021-47896

PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will b...

CVSS 8.5 | EPSS 0.00123
Exploits: 0 | References: 4

Veracode
added 2026/01/23 10:28 a.m. | 6 views

Arbitrary Code Execution

binary-parser is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized interpolation of untrusted values into dynamically generated code, where attacker-controlled parser field names or encoding parameters are embedded directly into generated JavaScript, allowing arbitra...

CVSS 6.5 | AI score 6.4 | EPSS 0.00505
Exploits: 0 | References: 7 | Affected Software: 1

Snyk
added 2026/01/23 5:9 a.m. | 2 views

Command Injection

Overview: gemini-mcp-tool is an MCP server for Gemini CLI integration. Affected versions of this package are vulnerable to Command Injection via the execAsync function. An attacker can execute arbitrary code with the privileges of the service account by supplying crafted input that is not properly...

CVSS 9.8 | AI score 6.2 | EPSS 0.03336
Exploits: 0 | References: 2