CVE-2026-34459 Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...

CVE-2026-20428

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536...

CVE-2026-20413

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694...

CVE-2025-34352 JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on...

Bitdefender Total Security 代码问题漏洞

Bitdefender Total Security is an active threat protection software for PCs from the Romanian company Bitdefender. The program has antivirus, firewall, anti-spyware, privacy control and parental control features. It also includes features such as System TuneUp. A code issue vulnerability exists in...