CVE-2026-40551

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

CVE-2026-33430

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

CVE-2020-10610

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...

CVE-2025-66266 Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

EUVD-2024-15934

Malicious code in bioql PyPI...

EUVD-2023-32149

Malicious code in bioql PyPI...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CVE-2024-0135

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure,...

CVE-2024-0135

CVE-2024-0135 affects the NVIDIA container-toolkit. The vulnerability is an improper isolation issue in the toolkit that could allow a specially crafted container image to modify a host binary, with potential for code execution, DoS, privilege escalation, information disclosure, and data tamperin...

CVE-2024-0135

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure,...

Design/Logic Flaw

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...

Hyundai Gen5W_L 安全漏洞

The Hyundai Gen5WL is an automotive standard navigation infotainment system from Hyundai, South Korea. The Hyundai Gen5WL suffers from a security vulnerability that originates from an attacker being able to modify the AppDMClient binary file used during the firmware installation process to bypass...

CVE-2023-26245

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version e.g.,...

CVE-2021-33191

CVE-2021-33191 affects Apache NiFi MiNiFi C++ 0.5.0. The c2 protocol implements an agent-update command designed to patch the application binary, but an attacker could modify the c2-update path to execute an arbitrary command via the same privileges as the MiNiFi binary. This leads to potential a...

Privilege escalation

The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag...

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...

CVE-2019-3688

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain...

IBM Informix nsrexecd Service Privilege Escalation Vulnerability

This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within configuration of the...

IBM Informix nsrd Service Privilege Escalation Vulnerability

This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within configuration of the nsr...

Android 1.x/2.x HTC Wildfire - Local Root Exploit

No description provided by source. / android 1.x/2.x the real youdev feat. init local root exploit. Modifications to original exploit for HTC Wildfire Stage 1 soft-root c 2010 Martin Paul Eve Changes: -- Will not remount /system rw NAND protection renders this pointless -- Doesn't copy self, mere...