CVE-2026-40551

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

PT-2026-22881

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver affected versions not specified Description The IDC SFX Series SuperFlex Satellite Receiver is affected by hardcoded, insecure credentials for the xd user accoun...

CVE-2025-55582

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script mydlink-watch-dog.sh, which blindly respawns binaries such as dcp and signalc without verifying integrity, authenticity, or permissions. An attacker with local filesystem access via physical access, firmware...

CVE-2024-9002

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...

PT-2024-32858 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.0 Description: This issue is related to a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from...

CVE-2024-8306

CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...

npm-test-sqlite3-trunk code execution vulnerability

npm-test-sqlite3-trunk is a module for providing asynchronous non-blocking SQLite3 bindings. A security vulnerability exists in npm-test-sqlite3-trunk, which originates when a program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit this vulnerability by...

frames-compiler remote code execution vulnerability

The frames-compiler is a suite of software for building a wide range of applications, providing a graphical user interface that supports multiple platforms. A security vulnerability exists in frames-compiler that originates when the program downloads binary resources over the HTTP protocol. A...

CVE-2016-10606

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...

pngcrush-installer code execution vulnerability

pngcrush-installer is the installer for pngcrush. A security vulnerability exists in versions of pngcrush-installer prior to 1.8.10 that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary...

CVE-2016-10589

selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if t...