CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer...

Synology Presto Client 代码问题漏洞

Synology Presto Client is a high-speed transfer tool developed by the Chinese company Synology. Versions of Synology Presto Client prior to 2.1.3-0672 contained a code vulnerability. This vulnerability stemmed from uncontrolled search path elements during the installation process, which could all...

PT-2026-21657

Name of the Vulnerable Software and Affected Versions Synology Presto Client versions prior to 2.1.3-0672 Description A flaw exists in Synology Presto Client that allows local users to read or write arbitrary files during installation. This occurs because of an uncontrolled search path element. A...

CVE-2025-63945

A privilege escalation PE vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition...

Tencent PC Manager 安全漏洞

Tencent PC Manager is a free computer security software developed by Tencent Corporation in China. It integrates antivirus protection, security safeguards, and system optimization functions. Versions of Tencent PC Manager prior to 17.10.28554.205 contained a security vulnerability. This...

CVE-2025-4960 macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s...

SUSE CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

IBM Concert 安全漏洞

IBM Concert is a new tool developed by the American international business company IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions 1.0.0 to 2.1.0 of IBM Concert contain security vulnerabilities, which stem from improper file permission settings for...

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVE-2019-25343

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification...

CVE-2019-25344

Wondershare MobileGo 8.5.0 is affected by an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group,...

CVE-2019-25344 MobileGo 8.5.0 - Insecure File Permissions

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVE-2019-25344 MobileGo 8.5.0 - Insecure File Permissions

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVE-2019-25343

CVE-2019-25343 affects NextVPN 4.10, where insecure file permissions enable local users to modify executable files with full rights. By replacing system executables, an attacker may obtain SYSTEM or Administrator privileges through unauthorized modification. CVSS metrics indicate high impact and ...

CVE-2019-25343 NextVPN 4.10 - Insecure File Permissions

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification...

CVE-2019-25343 NextVPN 4.10 - Insecure File Permissions

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification...

PT-2026-7879

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification...

Vm3Max NextVPN 安全漏洞

Vm3Max NextVPN is a VPN proxy application developed by Vm3Max Corporation. Version 4.10 of Vm3Max NextVPN contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow local users to modify executable files in order to obtain SYSTEM or Administrator...

CVE-2019-25306

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with...