6687 matches found
MAL-2026-639 Malicious code in connection-api-requests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1e1edf0790733aa25ad085b523a095b1ee4abee84eca696bbcaf1682cca2c2ad Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
PT-2026-5576
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:Program FilesVeritasNetBackupbinbpinetd.exe to inject malicious code that would...
EUVD-2020-30932
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted inp...
CVE-2020-37060 Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent...
EUVD-2020-30954
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent...
CVE-2020-37060
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent...
CVE-2020-37060
Atomic Alarm Clock 6.3 is affected by a local privilege escalation due to an unquoted service path in its service configuration, enabling an attacker to execute arbitrary code with SYSTEM privileges by placing a malicious Program.exe. The issue allows persistent, system‑level access. Public refer...
CVE-2026-23564
A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive informatio...
mtkclient
🚀 mtkclient - Easily Flash and Repair Mediatek Devices !Dow...
PT-2026-5477
Name of the Vulnerable Software and Affected Versions RM Downloader version 2.50.60 Description RM Downloader version 2.50.60 contains a local buffer overflow issue in the Load parameter. This allows attackers to execute arbitrary code by overwriting memory. An attacker can create a malicious...
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
UPD 30.01.2026: Added technical details about the attack chain and more IoCs. On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by the Indian company MicroWorld Technologies. The previously unknown malware was distributed through the...
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
CVE-2020-37020
CVE-2020-37020 affects SonarQube 8.3.1 and describes an unquoted service path vulnerability in the service executable path. According to the provided description, local attackers can gain SYSTEM privileges by exploiting this path vulnerability: they replace the wrapper.exe in the service path wit...
EUVD-2020-30923
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
CVE-2026-23568
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked...
CVE-2026-23569
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...
EUVD-2026-4993
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...
CVE-2026-23569 Out-of-bounds read vulnerability in Content Distribution Service
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...
CVE-2026-23569
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used ...