CVE-2026-35553

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values...

Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers

Overview Bluetooth ACPI Drivers provided by Dynabook Inc. contain the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2026-35553 Andrea Monzani, Antonio Parata, and Davide Netti of University of Milan reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

CVE-2026-35553

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values...

CVE-2026-35553

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values...

CVE-2025-12051

The drivers in the tool packages use RTLQUERYREGISTRYDIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...

CVE-2025-12053

The drivers in the tool packages use RTLQUERYREGISTRYDIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...

CVE-2025-12052

CVE-2025-12052 is described across multiple sources as a local-buffer-overflow vulnerability stemming from drivers in tool packages reading registry values using RTL_QUERY_REGISTRY_DIRECT. Affected component is the driver (egwindrv.sys) or related kernel/tool drivers, with the untrusted applicati...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde, China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that can be caused by untrusted user-mode applications when readin...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde, China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that can be caused by untrusted user-mode applications when readin...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde, China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that can be caused by untrusted user-mode applications when readin...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde, China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that can be caused by untrusted user-mode applications when readin...

EUVD-2020-20469

Malware in sbrugna...

CVE-2025-10222

Exposure of Sensitive Information to an Unauthorized Actor CWE-200 in the diagnostic dump component in AxxonSoft Axxon One VMS C-Werk 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading...

CVE-2025-10222 Sensitive Information Disclosure in Diagnostic Dumps in AxxonSoft Axxon One VMS

Exposure of Sensitive Information to an Unauthorized Actor CWE-200 in the diagnostic dump component in AxxonSoft Axxon One VMS C-Werk 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading...

CVE-2025-10222 Sensitive Information Disclosure in Diagnostic Dumps in AxxonSoft Axxon One VMS

Exposure of Sensitive Information to an Unauthorized Actor CWE-200 in the diagnostic dump component in AxxonSoft Axxon One VMS C-Werk 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading...

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, t...

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

Linux kernel on Intel systems is susceptible to Spectre v2 attacks

Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection BHI are likely affected. An unauthenticated...

Information disclosure

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group non-admin or any guest users, thereby allowing privilege...

Huawei Emui and Magic UI Registration Tampering Vulnerability

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which can be exploited by attackers to modify registry values...