4529 matches found
CVE-2026-34596 Sandboxie-Plus local privilege escalation via TOCTOU race condition in UpdUtil addon installation
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...
CVE-2026-34462
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...
CVE-2026-42369
GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...
PT-2026-37231
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...
CVE-2026-42369
GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...
CVE-2026-42369 GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability
GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...
yii2-mcp-server has a Command Injection Issue
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yiicommandhelp/yiiexecutecommand of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been publish...
CVE-2025-10549
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...
TOTOLINK A8000RU 命令注入漏洞
The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from the setWiFiEasyGuestCfg function in the CGI Handler component, specifically the operation of the...
DEBIAN-CVE-2026-42171
NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...
CVE-2026-42171
NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...
EUVD-2026-25637
NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...
EUVD-2026-25623
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...
PT-2026-35088
Name of the Vulnerable Software and Affected Versions NSIS Nullsoft Scriptable Install System versions 3.06.1 through 3.11 Description When executing as SYSTEM, the software sometimes uses the Low Integrity Level Low IL temporary directory. This allows local attackers to gain elevated privileges ...
NSIS 代码问题漏洞
NSIS is an open-source tool developed by NSIS Development for creating Windows installation programs. In versions 3.06.1 to 3.12 of NSIS, there were code vulnerabilities. These vulnerabilities stemmed from the use of a low-IL temporary directory when executed as SYSTEM, allowing local attackers t...
EUVD-2025-209559
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...
GHSA-W5J3-8FCR-H87W Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...
CVE-2026-22676
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
EUVD-2026-21654
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...