1160 matches found
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Attackers replaced JDownloader installer downloads with malware
If you downloaded the JDownloader installer during the compromise window May 6-7, you are advised to verify the file. JDownloader is a popular download management application, particularly favored for automated downloads from file-hosting services, video sites, and premium link generators. The...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
EUVD-2026-30112
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-30906
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-30905
CVE-2026-30905 concerns the Zoom Workplace VDI Plugin Windows Universal Installer. The issue arises from external control of a file name or path in the installer, potentially allowing an authenticated user to escalate privileges through local access on installations prior to version 6.6.11. Affec...
Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries
Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite...
CVE-2026-44612
Bytello Share Windows Edition installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2026-44612
Bytello Share Windows Edition installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
PT-2026-40578
Bytello Share Windows Edition installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2026-27910
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally...
EUVD-2026-22449
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally...
CVE-2026-27910
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally...
CVE-2026-27910
CVE-2026-27910 concerns Windows Installer privilege elevation. The vulnerability is described as an improper handling of insufficient permissions in Windows Installer that allows an authorized attacker to elevate privileges locally. The CVSS v3.1 base score is 7.8 (HIGH), with Local attack vector...
CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability
...