Lucene search
K

492 matches found

cvelist
cvelist
added 2026/01/06 9:30 p.m.31 views

CVE-2025-14599 Quartus® Prime Standard and Quartus® Prime Lite Security Advisory

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer SFX on Windows, Altera Quartus Prime Lite Installer SFX on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1...

6.7CVSS0.00092EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/06 9:30 p.m.3 views

CVE-2025-14599 Quartus® Prime Standard and Quartus® Prime Lite Security Advisory

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer SFX on Windows, Altera Quartus Prime Lite Installer SFX on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1...

6.7CVSS6.6AI score0.00092EPSS
Exploits0References1
cve
cve
added 2026/01/06 9:30 p.m.14 views

CVE-2025-14599

The CVE-2025-14599 entry concerns an Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Installer (SFX) for Windows. The issue affects Quartus Prime Standard (versions 23.1–24.1) and Quartus Prime Lite (versions 23.1–24.1) and can enable Search Order Hijacking due to an uncont...

6.7CVSS6.6AI score0.00092EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/01/06 12:0 a.m.4 views

PT-2026-1516

Name of the Vulnerable Software and Affected Versions Altera Quartus Prime Standard versions 23.1 through 24.1 Altera Quartus Prime Lite versions 23.1 through 24.1 Description An uncontrolled search path element issue exists in the Altera Quartus Prime Standard Installer SFX and Altera Quartus...

6.7CVSS6.6AI score0.00092EPSS
Exploits0References4
cve
cve
added 2025/12/17 12:0 a.m.13 views

CVE-2024-46062

Miniconda3 macOS installers prior to 23.11.0-1 are affected. During installation outside the user’s home directory, the installer creates world-writable files that are executed with root privileges, enabling a local low-privileged user to inject commands and achieve root-level code execution. Pra...

7.8CVSS7.3AI score0.00172EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/12/17 12:0 a.m.7 views

PT-2025-51858

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary...

7.7AI score0.00172EPSS
Exploits1References3
thn
thn
added 2025/11/20 4:6 a.m.23 views

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 2:53 p.m.6 views

EUVD-2025-175306

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

6.6CVSS5.7AI score0.00126EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/11/12 5:7 p.m.6 views

CVE-2025-30182

Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...

6.7CVSS6.5AI score0.00115EPSS
Exploits0References1
euvd
euvd
added 2025/11/11 6:30 p.m.7 views

EUVD-2025-93497

Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...

6.7CVSS6AI score0.00115EPSS
Exploits0References2
cve
cve
added 2025/11/11 4:50 p.m.11 views

CVE-2025-30182

Intel Distribution for Python software installers prior to 2025.2.0 have an uncontrolled search path issue that may enable local privilege escalation. Affected component: the installer, with exploitation described as requiring an authenticated user and high complexity, plus active user interactio...

6.7CVSS6.1AI score0.00115EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/11 4:50 p.m.11 views

CVE-2025-30182

Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...

6.7CVSS0.00115EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/11 4:50 p.m.4 views

CVE-2025-30182

Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...

6.7CVSS6.1AI score0.00115EPSS
Exploits0References1
intel
intel
added 2025/11/11 12:0 a.m.17 views

Intel® Distribution for Python Software Installer Advisory

Summary: A potential security vulnerability for some Intel® Distribution for Python software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-30182 Description: Uncontrolled search pa...

6.7CVSS6.3AI score0.00115EPSS
Exploits0
thn
thn
added 2025/11/06 3:31 p.m.7 views

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense , describing it as...

8.8CVSS7.4AI score0.80906EPSS
Exploits35
cve
cve
added 2025/11/05 12:0 a.m.17 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 is affected by a Missing SSL certificate validation vulnerability that enables local-network/MITM interception of update requests, potentially replacing installers or updates with malicious files. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, EUVD) with no...

6.8CVSS6.3AI score0.0012EPSS
Exploits1References2Affected Software1
osv
osv
added 2025/10/29 10:12 p.m.4 views

GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...

6.8CVSS6.2AI score0.0015EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/10/29 12:0 a.m.4 views

Revenera InstallShield 安全漏洞

Revenera InstallShield Flexera InstallShield is a development package from Revenera Inc. for building Windows installers and MSIX packages. A security vulnerability exists in Revenera InstallShield version 2023 R1, which stems from MPR.dll being loaded from an insecure location, which could lead ...

7.3CVSS6.7AI score0.00123EPSS
Exploits0References2
thn
thn
added 2025/10/17 6:3 a.m.6 views

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy...

7.1AI score
Exploits0
redhatcve
redhatcve
added 2025/10/15 3:47 p.m.9 views

CVE-2025-46774

An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables...

7.8CVSS6.9AI score0.00077EPSS
Exploits0References1
Rows per page
Query Builder