Lucene search
K

1406 matches found

EUVD
EUVD
added 2026/04/17 3:31 p.m.5 views

EUVD-2026-22837

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

Mobatek MobaXterm 安全漏洞

Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...

7.3CVSS7.1AI score0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 12:54 a.m.10 views

EUVD-2026-23135

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9CVSS5.8AI score0.00131EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 12:16 a.m.6 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9CVSS0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 11:13 p.m.5 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9CVSS5.8AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 12:27 p.m.27 views

CVE-2026-1636

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges...

6.7CVSS0.00126EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/15 10:37 a.m.13 views

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer , using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...

6AI score
Exploits0
NVD
NVD
added 2026/04/15 5:16 a.m.3 views

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

7.8CVSS0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 4:11 a.m.28 views

CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

7.8CVSS0.00126EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:11 a.m.3 views

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/04/15 4:11 a.m.10 views

CVE-2026-5397

The CVE-2026-5397 entry describes an Uncontrolled Search Path Element (CWE-427) in a UPS management application. It states that improper permissions on the installation directory allow a malicious DLL to be placed there and executed with administrator privileges because the product loads missing ...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Lenovo Service Bridge 安全漏洞

Lenovo Service Bridge is an application based on the Windows platform developed by Lenovo Corporation. This program can automatically detect the serial number, device type, and model of devices in order to provide corresponding services. Lenovo Service Bridge has a security vulnerability, which...

6.7CVSS6AI score0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33005

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 4:58 p.m.32 views

CVE-2026-32214

Technical details about CVE-2026-32214 are not provided in the given documents. No explicit affected products, vulnerable components, impact, or remediation details are disclosed here. Monitor for updates from official sources.

5.5CVSS5.6AI score0.00221EPSS
Exploits0References1Affected Software14
Cvelist
Cvelist
added 2026/04/14 4:58 p.m.27 views

CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability

...

7CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.26 views

CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability

...

7CVSS0.01116EPSS
Exploits0References1
Securelist
Securelist
added 2026/04/13 9:0 a.m.7 views

JanelaRAT: a financial threat targeting users in Latin America

Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...

6.1AI score
Exploits0
CVE
CVE
added 2026/04/10 5:49 a.m.15 views

CVE-2026-28704

EmoCheck is affected by a DLL search/loading flaw: it insecurely loads Dynamic Link Libraries (DLLs). A crafted DLL placed in the same directory can lead to arbitrary code execution under the invoking user’s privileges. Documents do not specify the vulnerable component version, exact file or DLL ...

8.4CVSS7.3AI score0.0016EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/10 4:38 a.m.8 views

EmoCheck loads Dynamic Link Libraries insecurely

Overview EmoCheck is a tool for detecting infections by "Emotet" malware, provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC. EmoCheck loads Dynamic Link Libraries insecurely. Uncontrolled search path element CWE-427 - CVE-2026-28704 ryo shimada of Powder Keg...

8.4CVSS7.1AI score0.0016EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/10 1:23 a.m.4 views

CVE-2026-30478

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable...

8.8CVSS5.9AI score0.00172EPSS
Exploits0References1
Rows per page
Query Builder