45 matches found
PT-2026-33096
Name of the Vulnerable Software and Affected Versions: RightFax versions prior to 25.4 Description: An issue involving the deserialization of untrusted data allows for Object Injection. This flaw can lead to remote code execution without requiring authentication. Recommendations: Update to version...
CVE-2026-4255
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...
CVE-2026-4255 DLL Injection Privilege Escalation
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...
CVE-2026-4255
The CVE-2026-4255 entry describes a DLL search order hijacking in Thermalright TR-VISION HOME (Windows 64-bit) that allows local privilege escalation via DLL side-loading. Affected: TR-VISION HOME versions up to 2.0.5. Root cause: the application loads DLL dependencies using the default Windows s...
CVE-2019-25485
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...
CVE-2019-25485 R 3.4.4 Windows x64 Buffer Overflow SEH DEP ASLR Bypass
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler cha...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-windows-x64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-windows-x64 NPM version >=1.16.0-canary.1, <=1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINWINDOWSX64-14103295...
EUVD-2024-32584
Malicious code in bioql PyPI...
EUVD-2024-32583
Malicious code in bioql PyPI...
Exploit for Improper Input Validation in Mozilla Firefox
Full chain exploit for CVE-2019-11708 & CVE-2019-9810. This is a full browser compromise exploit chain (CVE-2019-11708 & CVE-2019-9810) targeting Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 t...
VirtualBox 7.0.16 Privilege Escalation
VirtualBox version 7.0.16 suffers from a privilege escalation vulnerability. Exploit Title: VirtualBox 7.0.16 - Local Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64...
PT-2024-15246 · Webroot · Webroot Antivirus
Name of the Vulnerable Software and Affected Versions: Webroot Antivirus versions 8.0.1 through 9.0.35.12 Description: The issue allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files due to a privilege escalation vulnerability. This vulnerability affects Webroot...
CVE-2024-4018
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3...
CVE-2024-4017
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading. This issue affects U-Series Appliance: from 3.4 before 4.0.3...
PT-2024-28795 · Beyondtrust · Beyondtrust U-Series Appliance
Name of the Vulnerable Software and Affected Versions: BeyondTrust U-Series Appliance versions 3.4 through 4.0.2 Description: The issue is related to Improper Privilege Management in the BeyondTrust U-Series Appliance on Windows, 64-bit, specifically affecting the filesystem modules. This allows...
Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI
Summary: There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security componen...
The vulnerability of the OpenSSL cryptographic library, related to improper input validation, allows attackers to perform denial-of-service attacks.
The vulnerability of the OpenSSL cryptographic library is related to insufficient validation of user-input data in the implementation of POLY1305 MAC (a message authentication code). Exploiting this vulnerability could allow an attacker to perform a “denial-of-service” attack by sending specially...
AZL-78585 CVE-2023-4807 affecting package openssl-fips-provider 3.1.2-1
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...