PT-2026-2750

CVE-2026-20950 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. https://t.co/l03CyJMt0H...

PT-2026-2754

CVE-2026-20955 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. https://t.co/woPteDG0yH...

PT-2026-2404

Name of the Vulnerable Software and Affected Versions BlueSoleilCS version 5.4.277 Description BlueSoleilCS version 5.4.277 has a security issue related to an unquoted service path in its Windows service configuration. This could allow local attackers to execute arbitrary code. The vulnerable pat...

Splashtop 代码问题漏洞

Splashtop is a remote desktop software from Splashtop Inc. in the United States. A code issue vulnerability exists in Splashtop version 8.71.12001.0, which stems from an unquoted service path that could allow a local attacker to execute arbitrary code...

ITeCProteccioAppServer 代码问题漏洞

ITeCProteccioAppServer is a backend service component from ITeC. A code issue vulnerability exists in ITeCProteccioAppServer that stems from the service path not being quoted, which could allow a local attacker to execute code and elevate system privileges...

HTC VIVE Runtime Service 代码问题漏洞

HTC VIVE Runtime Service is a core backend driver from HTC Corporation. A code issue vulnerability exists in HTC VIVE Runtime Service version 1.0.0.4, which stems from the service path being unquoted, and could lead to a local user executing arbitrary code and elevating system privileges...

ProtonVPN 代码问题漏洞

ProtonVPN is a VPN application from ProtonVPN Open Source. A code issue vulnerability exists in ProtonVPN version 1.26.0, which stems from an unquoted WireGuard service configuration path that could allow a local attacker to execute arbitrary code...

BlueSoleilCS 代码问题漏洞

BlueSoleilCS is a core component of BlueSoleil's Bluetooth Management Center. A code issue vulnerability exists in BlueSoleilCS version 5.4.277, which stems from the presence of unquoted service paths in the Windows service configuration, which could lead to the execution of arbitrary code by a...

Connectify Hotspot 代码问题漏洞

Connectify Hotspot is a virtual router software from Connectify USA. Connectify Hotspot 2018 suffers from a code issue vulnerability that stems from the presence of unquoted service paths in ConnectifyService, which could lead to the execution of arbitrary code by a local attacker...

Clevo HotKey Clipboard 代码问题漏洞

Clevo HotKey Clipboard is a clipboard enhancement tool from Blue Sky Computer Clevo of Taiwan, China. A code issue vulnerability exists in Clevo HotKey Clipboard version 2.1.0.6, which stems from an unquoted service path, and could lead to a local, unprivileged user executing code with system...

Tftpd32 SE 代码问题漏洞

Tftpd32 SE is an IPv4 web server suite from the Tftpd open source. A code issue vulnerability exists in Tftpd32 SE version 4.60, which stems from unquoted service paths and could lead to a local attacker executing arbitrary code with elevated privileges...

MiracleLinux 8 : firefox-128.11.0-1.el8_10.ML.1 (AXSA:2025-9974:19)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9974:19 advisory. firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential...

Security Updates for Microsoft Office Products (January 2026) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the january-13-2026 advisory. - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-20952, CVE-2026-20953 - Integer...

Security Updates for Microsoft Office Online Server (January 2026)

The Microsoft Office Online Server installation on the remote host is missing security updates. It is, therefore, affected by the following vulnerabilities: - Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVE-2026-20950 - Untrusted pointer...

MiracleLinux 7 : firefox-128.11.0-1.0.1.el7.AXS7 (AXSA:2025-9973:18)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9973:18 advisory. firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential...

MiracleLinux 9 : thunderbird-128.11.0-1.el9_6.ML.1 (AXSA:2025-10532:16)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10532:16 advisory. firefox: thunderbird: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: thunderbird: Out-of-bounds access when optimizing...

Sandboxie-Plus 代码问题漏洞

Sandboxie-Plus is a sandboxing isolation software from Sandboxie-Plus. A code issue vulnerability exists in Sandboxie-Plus version 5.50.2, which stems from the presence of unquoted service paths to the Windows service SpieSvc, which could lead to the execution of arbitrary code by a local attacke...

PT-2026-2762

Name of the Vulnerable Software and Affected Versions versions prior to 2026-21219 Description A use after free issue exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a newer version that contai...

CVE-2005-1632

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

CVE-2023-43340

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...