492 matches found
CVE-2025-14599 Quartus® Prime Standard and Quartus® Prime Lite Security Advisory
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer SFX on Windows, Altera Quartus Prime Lite Installer SFX on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1...
CVE-2025-14599 Quartus® Prime Standard and Quartus® Prime Lite Security Advisory
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer SFX on Windows, Altera Quartus Prime Lite Installer SFX on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1...
CVE-2025-14599
The CVE-2025-14599 entry concerns an Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Installer (SFX) for Windows. The issue affects Quartus Prime Standard (versions 23.1–24.1) and Quartus Prime Lite (versions 23.1–24.1) and can enable Search Order Hijacking due to an uncont...
PT-2026-1516
Name of the Vulnerable Software and Affected Versions Altera Quartus Prime Standard versions 23.1 through 24.1 Altera Quartus Prime Lite versions 23.1 through 24.1 Description An uncontrolled search path element issue exists in the Altera Quartus Prime Standard Installer SFX and Altera Quartus...
CVE-2024-46062
Miniconda3 macOS installers prior to 23.11.0-1 are affected. During installation outside the user’s home directory, the installer creates world-writable files that are executed with root privileges, enabling a local low-privileged user to inject commands and achieve root-level code execution. Pra...
PT-2025-51858
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary...
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote acces...
EUVD-2025-175306
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...
CVE-2025-30182
Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...
EUVD-2025-93497
Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...
CVE-2025-30182
Intel Distribution for Python software installers prior to 2025.2.0 have an uncontrolled search path issue that may enable local privilege escalation. Affected component: the installer, with exploitation described as requiring an authenticated user and high complexity, plus active user interactio...
CVE-2025-30182
Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...
CVE-2025-30182
Uncontrolled search path for some IntelR Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalati...
Intel® Distribution for Python Software Installer Advisory
Summary: A potential security vulnerability for some Intel® Distribution for Python software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-30182 Description: Uncontrolled search pa...
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense , describing it as...
CVE-2025-56232
GOG Galaxy 2.0.0.2 is affected by a Missing SSL certificate validation vulnerability that enables local-network/MITM interception of update requests, potentially replacing installers or updates with malicious files. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, EUVD) with no...
GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
Revenera InstallShield 安全漏洞
Revenera InstallShield Flexera InstallShield is a development package from Revenera Inc. for building Windows installers and MSIX packages. A security vulnerability exists in Revenera InstallShield version 2023 R1, which stems from MPR.dll being loaded from an insecure location, which could lead ...
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy...
CVE-2025-46774
An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables...