CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

CVE-2026-35081

CVE-2026-35081 documents an Arbitrary process termination vulnerability in the ugw-logstop method. A remote attacker with user privileges can terminate arbitrary processes due to insufficient input validation. The Connected documents provide the description and CVSS metrics (CVSSv4.0 base 7.2 HIG...

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability where authentication and authorization checks are missing for endpoints/api/v1/files/images/flowid/filename. This vulnerability allows...

GHSA-WVR4-3WQ4-GPC5 MCP Connect has unauthenticated remote OS command execution via /bridge endpoint

Summary When AUTHTOKEN and ACCESSTOKEN environment variables are not set which is the default out-of-the-box configuration the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the...

EUVD-2017-17269

Malware in sbrugna...

EUVD-2011-1782

Malware in sbrugna...

EUVD-2024-17578

Malicious code in bioql PyPI...

EUVD-2024-38948

Malicious code in bioql PyPI...

EUVD-2022-3310

Malicious code in bioql PyPI...

CVE-2025-37128 Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

CVE-2024-24964

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows clie...

CVE-2021-23874

Arbitrary Process Execution vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense...

CVE-2019-10724

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520TZ370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642...

CVE-1999-0425

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes...

CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...

CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...

CVE-2024-51324

CVE-2024-51324 exists in Baidu Antivirus driver BdApiUtil64.sys (v5.2.3.116083). The vulnerability arises from an IOCTL handler (0x800024B4) that terminates a target process without privilege validation, enabling a BYOVD attack to kill arbitrary processes from user mode. Exploitation chain demons...

PT-2025-6398

Name of the Vulnerable Software and Affected Versions Baidu Antivirus version 5.2.3.116083 Description An issue in the BdApiUtil driver of Baidu Antivirus allows attackers to terminate arbitrary processes by executing a Bring Your Own Vulnerable Driver BYOVD attack. The DeadLock ransomware has be...

CVE-2024-41143

Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed...

CVE-2024-41143

Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed...