CVE-2022-46873

Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of...

CVE-2025-27998

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL...

CVE-2025-27997

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...

CVE-2022-48191

A vulnerability exists in Trend Micro Maximum Security 2022 17.7 wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowin...

📄 ABB Cylon Aspect Studio 3.08.03 Insecure Permissions

ABB Cylon Aspect Studio version 3.08.03 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag Modify for...

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

CVE-2022-41310

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

CVE-2022-38532

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component CFeatures of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable...

CVE-2022-36670

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable...

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVE-2022-29333

A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file...

CVE-2022-28067

An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service DoS in the Sandbox via a crafted executable...

CVE-2022-39217

some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...

CVE-2021-29298

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"...

CVE-2021-45460

A vulnerability has been identified in SICAM PQ Analyzer All versions V3.18. A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate proces...

CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions...

CVE-2021-26844

A cross-site scripting XSS vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe...

CVE-2021-36376

dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...

CVE-2021-35056

Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run...

CVE-2021-32759

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...