CVE-2021-47883

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions durin...

CVE-2021-47869 BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRAScheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files x86\Brother\ directory to gain local syst...

EUVD-2026-3638

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRAScheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files x86\Brother\ directory to gain local syst...

CVE-2021-47869 BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRAScheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files x86\Brother\ directory to gain local syst...

EUVD-2026-3619

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...

EUVD-2026-3643

MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate...

EUVD-2026-3634

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining...

CVE-2021-47852

CVE-2021-47852 affects Rockstar Games Launcher 1.0.37.349. The issue is an insecure permission configuration on the RockstarService.exe binary, allowing authenticated users to replace it with a malicious binary, which yields a new administrator user and elevated system access. Root cause: weak pe...

Malicious code in coolpackage2323 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dfe85cdb01cd65f379803d150e3cd9142774bda4f802120401655f71b5b7a907 During installation and importing the module, the package silently downloads malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

Rockstar Games Launcher security vulnerability

Rockstar Games Launcher is a game launcher developed by Rockstar Games, Inc. Version 1.0.37.349 of Rockstar Games Launcher has a security vulnerability. This vulnerability stems from weak permissions for the service executable file, which may lead to an elevation of privileges...

PT-2026-3821

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:Program Files x86Brother directory to gain local system...

PT-2026-3835

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:Program FilesOkidataCommonextend3portmgrsrv.exe' to inject malicious...

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

PINA: Prompt Injection Attack against Navigation Agents

Navigation agents powered by large language models LLMs convert natural language instructions into executable plans and actions. Compared to text-based applications, their security is far more critical: a successful prompt injection attack does not just alter outputs but can directly misguide...

PT-2026-3665

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...

MAL-2026-351 Malicious code in nanoinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f6ea4dd9867e528445ba01d2ceed3638e6178b2a940a2598c0f89eca5795802 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

Malicious code in nanoinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f6ea4dd9867e528445ba01d2ceed3638e6178b2a940a2598c0f89eca5795802 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

MAL-2026-350 Malicious code in bnanainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa730f845044e96bb14f1b7245d35b819dc8a9ddeef07c952c22e65f85c0a459 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

Malicious code in bnanainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fa730f845044e96bb14f1b7245d35b819dc8a9ddeef07c952c22e65f85c0a459 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

CVE-2021-47829 DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path

DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code that will...