CVE-2026-44470

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

CVE-2026-44470 Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

CVE-2026-44470

CVE-2026-44470 affects the Claude Desktop application for Windows, specifically the CoworkVMService component. Prior to version 1.3834.0, the service ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files. A loca...

EUVD-2026-30049

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

CVE-2026-44470

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

Claude Code 后置链接漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.3834.0 contained a post-installation vulnerability. This vulnerability stemmed from the CoworkVMService component running with SYSTEM privileges and without verifying wheth...

CVE-2026-27750

Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...

CVE-2019-18194

TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder...

CVE-2020-24955

SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as...

CVE-2021-27241

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 Build 20.8.5653.561. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The...

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

EUVD-2019-8639

Malware in sbrugna...

EUVD-2019-7997

Malware in sbrugna...

EUVD-2020-17655

Malware in sbrugna...

EUVD-2021-14006

Malware in sbrugna...

EUVD-2021-23334

Malware in sbrugna...

EUVD-2024-0956

Malicious code in bioql PyPI...

EUVD-2022-37041

Malicious code in bioql PyPI...

CVE-2024-29188

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...

CVE-2023-30672

Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.230433 allows attackers to cause permanent DoS via directory junction...