EUVD-2021-29938
Malicious code in bioql PyPI...
RLSA-2025:8341 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267); firefox: thunderbird: Potential local code execution ...
CVE-2025-57714 NetBak Replicator
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak...
PT-2026-2690
Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified). Description: A heap-based buffer overflow exists in Windows NTFS that could allow an authorized attacker to execute code locally. Remote attackers may be able to execute arbitrary code and affect the...
PT-2026-2727
Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified). Description: A heap-based buffer overflow exists in Windows NTFS. This allows a locally authorized attacker to execute code. The issue may allow remote attackers to execute arbitrary code and affect...
Poetry Argument Injection vulnerability can lead to local Code Execution
...
Advisory ROSA-SA-2025-3027
software: jasper 2.0.33 WASP: ROSA-CHROME unaffected versions = jasper-2.0.33-2 affected versions jasper-2.0.33-2 CVE-ID: CVE-2025-8835 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in JasPer before version 4.2.5 allows a crash due to null pointer dereferencing in the jas_image_chclrspc...
OESA-2025-2322 python-pyinstaller security update
PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...
ogre security vulnerability
ogre is a scene-oriented 3D engine open-sourced by OGRECave. A security vulnerability exists in ogre 14.4.1 and earlier versions, which stems from a memory management mismatch in the STBIImageCodec::encode function that could lead to a local execution attack...
CVE-2025-43993
Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code Execution...
CVE-2025-43993
CVE-2025-43993 affects Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver versions prior to 3.2.0.22. The root cause is an Unquoted Search Path or Element in these components, enabling a low-privileged attacker with local access to potentially perform Code Execution. Rep...
PT-2025-39443
Name of the Vulnerable Software and Affected Versions: Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver versions prior to 3.2.0.22. Description: The Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver contains an Unquoted Search Path or Element...
CVE-2025-54081
CVE-2025-54081 affects Sunshine (Moonlight host) due to an unquoted executable path in the Windows service SunshineService prior to 2025.923.33222. If Sunshine is installed in a directory with spaces, the Service Control Manager may misinterpret the path and allow a malicious binary to execute ea...
CVE-2025-54081 SunshineService Has Unquoted Service Path That Allows Local SYSTEM Code Execution
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path...
CVE-2025-30075
In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL search paths...
CVE-2025-59050
CVE-2025-59050 — Greenshot : Greenshot
CVE-2025-59050 Greenshot — Insecure .NET deserialization via WM_COPYDATA enables local code execution
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...