PT-2025-50537

Name of the Vulnerable Software and Affected Versions Meatmeet basestation devices with ESP32 system on a chip affected versions not specified Description The ESP32 system on a chip used in Meatmeet basestation devices lacks Secure Boot functionality. Secure Boot verifies the authenticity of...

EUVD-2021-28632

Malicious code in bioql PyPI...

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

Spring Data Ahead of Time Repositories

In the past couple of years we have seen heavy investment throughout the Java ecosystem to reduce application startup times. The main focus gravitates around Ahead-of-Time optimizations. May it be condensing code into a GraalVM native executable, capturing already optimized bytecode with...

CVE-2024-6240 Improper privilege management vulnerability in Parallels Desktop

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASHENV environment variable with the path to the malicious script, executing on application startup. An attacke...

Design/Logic Flaw

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

Foxit PDF Reader 11.0 - Unquoted Service Path

Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

Race condition

Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office macOS before build 39605, Acronis True Image 2021 macOS before build 39287...

Macro Expert 4.7 - Unquoted Service Path Vulnerability

Exploit Title: Macro Expert 4.7 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Vendor Homepage: http://www.macro-expert.com/ Tested on: Windows 10 C:\Users\Mertsc qc "Macro Expert" SC QueryServiceConfig SUCCESS SERVICENAME: Macro Expert TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2...

CVE-2021-29480

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path

Exploit Title: Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-23 Vendor Homepage: https://eventlogxp.com/ Software Links : https://eventlogxp.com/ Tested Version: Version: 4.9.3 Vulnerability Type: Unquoted...

Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path

Exploit Title: Winpakpro 4.8 - 'ScheduleService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPro...

AMD Fuel Service - (Fuel.service) Unquote Service Path Vulnerability

Exploit Title: AMD Fuel Service - 'Fuel.service' Unquote Service Path Discovery by: Hector Gerbacio Vendor Homepage: https://www.amd.com/ Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted Service Path: C:\wmic service ge...

IDT PC Audio 1.0.6499.0 - (STacSV) Unquoted Service Path Vulnerability

Exploit Title: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Discovery by: Diego Cañada Software link: https://www.pconlife.com/download/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/ Tested Version: 1.0.6499.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Home...

LCD_Service 1.0.1.0 - (LCD_Service) Unquote Service Path Vulnerability

Exploit Title: Huawei LCDService 1.0.1.0 - 'LCDService' Unquote Service Path Exploit Author: Gerardo González Vendor Homepage: https://consumer.huawei.com/mx Software Link: https://consumer.huawei.com/mx Version: 1.0.1.0 Tested on: Windows 10 Home Single Language x64 Esp Step to discover the...

Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path

Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Author: Jair Amezcua Date: 2020-11-10 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/es/advancedsystemcarepro.php Version : 13.0.0.157 Tested on: Windows 10 64bitEN CVE : N/A ...

Canon Inkjet Extended Survey Program 5.1.0.8 - (IJPLMSVC.EXE) - Unquoted Service Path Vulnerability

Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path Discovery by: Carlos Roa Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home Tested Version: 5.1.0.8 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Professional 6...

Andrea ST Filters Service 1.0.64.7 Unquoted Service Path

Exploit Title: Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-04-28 Vendor Homepage: https://andreaelectronics.com/ Software Link : https://andreaelectronics.com/ Tested Version: 1.0.64.7 Vulnerability Type:...