
6680 matches found

EUVD
added 2026/03/19 1:0 a.m., 4 views

EUVD-2026-13033

OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv0 tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling...

CVSS 6.7, AI score 6, EPSS 0.00009
Exploits 0, References 2

NVD
added 2026/03/18 1:16 a.m., 3 views

CVE-2026-28674

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the AdminPaymentPluginUpload endpoint lets admins upload any file to plugins/payment/. It only checks a hardcoded password qweasd123456 and ignores file content. A...

CVSS 7.2, EPSS 0.00073
Exploits 1, References 1

OSV
added 2026/03/17 11:11 p.m., 2 views

MAL-2026-1499 Malicious code in anistream (PyPI)

Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...

AI score 6
Exploits 0, References 2

OSSF Malicious Packages
added 2026/03/17 11:11 p.m., 3 views

Malicious code in anistream (PyPI)

Source: kam193 57e4902ca2172a78b93acf6ec1413ab098e72c158dc1ab74c3a84f28f50382f1 Package hides code that downloads and runs malware, likely an infostealer. The code is not directly called in the package suggesting it's a dependency or next...

AI score 6
Exploits 0, References 2

OSSF Malicious Packages
added 2026/03/17 4:16 p.m., 3 views

Malicious code in telegramdatas (PyPI)

Source: kam193 742799f83f7140514aa9a55c3f3efb5142ab1eaef68317a40e23a8f261e22b71 During import, an infostealer embedded as package resource is started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

AI score 5.9
Exploits 0, References 3

OSV
added 2026/03/17 4:16 p.m., 2 views

MAL-2026-1498 Malicious code in telegramdatas (PyPI)

Source: kam193 742799f83f7140514aa9a55c3f3efb5142ab1eaef68317a40e23a8f261e22b71 During import, an infostealer embedded as package resource is started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

AI score 5.9
Exploits 0, References 3

OSSF Malicious Packages
added 2026/03/16 8:9 p.m., 2 views

Malicious code in chacha-lite-encrypt (PyPI)

Source: kam193 705b86da323a21b157504bf4833b60c8aa90a57d6db5111716afe31c114b6c1d During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

AI score 5.8
Exploits 0, References 2

EUVD
added 2026/03/16 3:30 p.m., 3 views

EUVD-2017-18930

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

CVSS 8.5, AI score 6.2, EPSS 0.00019
Exploits 1, References 8

EUVD
added 2026/03/16 3:30 p.m., 2 views

EUVD-2016-10805

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVSS 8.8, AI score 5.9, EPSS 0.0003
Exploits 1, References 7

EUVD
added 2026/03/16 3:30 p.m., 2 views

EUVD-2016-10803

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

CVSS 9.8, AI score 5.8, EPSS 0.0003
Exploits 1, References 7

NVD
added 2026/03/16 2:17 p.m., 2 views

CVE-2016-20025

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVSS 8.8, EPSS 0.0003
Exploits 1, References 6

NVD
added 2026/03/16 2:17 p.m., 2 views

CVE-2016-20024

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

CVSS 9.8, EPSS 0.0003
Exploits 1, References 6

CNNVD
added 2026/03/16 12:0 a.m., 3 views

OpenEDR security vulnerability

OpenEDR is an open-source endpoint detection and response security platform developed by Comodo Cyber Security. Version 2.5.1.0 of OpenEDR contains a security vulnerability. This vulnerability stems from the ability to bypass the system’s defense mechanisms by renaming malicious executable files,...

CVSS 7.8, AI score 5.8, EPSS 0.00017
Exploits 1, References 4

CNNVD
added 2026/03/16 12:0 a.m., 4 views

ZKTeco ZKAccess Professional security vulnerability

ZKTeco ZKAccess Professional is an access control software developed by ZKTeco Technology ZKTeco in China. Version 3.5.3 of ZKTeco ZKAccess Professional contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow verified users to elevate their...

CVSS 8.8, AI score 5.8, EPSS 0.0003
Exploits 1, References 6

Positive Technologies
added 2026/03/16 12:0 a.m., 6 views

PT-2026-25731

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm x64.exe binary in the...

CVSS 8.5, AI score 6, EPSS 0.00023
Exploits 2, References 4

CNNVD
added 2026/03/16 12:0 a.m., 2 views

ZKTeco ZKTime.Net security vulnerability

ZKTeco ZKTime.Net is an attendance and time management software developed by ZKTeco Technology ZKTeco in China. Version 3.0.1.6 of ZKTeco ZKTime.Net contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow unauthorized users to elevate their...

CVSS 9.8, AI score 5.8, EPSS 0.0003
Exploits 1, References 6

Positive Technologies
added 2026/03/16 12:0 a.m., 2 views

PT-2026-25736

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

CVSS 8.5, AI score 6.2, EPSS 0.00019
Exploits 1, References 8

CNNVD
added 2026/03/16 12:0 a.m., 2 views

Wowza Media Systems Wowza Streaming Engine security vulnerability

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable, and scalable media server software developed by Wowza Media Systems. It enables reliable streaming of high-quality video and audio to any device. Version 4.5.0 of Wowza Streaming Engine contains a security vulnerability cause...

CVSS 8.5, AI score 5.8, EPSS 0.00023
Exploits 2, References 3

ATTACKERKB
added 2026/03/15 6:34 p.m., 0 views

CVE-2017-20218

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

AI score 6.2, EPSS 0.00019
Exploits 1, References 6, Affected Software 1

ATTACKERKB
added 2026/03/15 6:34 p.m., 1 view

CVE-2016-20033

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

AI score 6, EPSS 0.00023
Exploits 2, References 3, Affected Software 1