542 matches found
CVE-2016-20090
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...
CVE-2016-20090
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...
CVE-2016-20090 Comodo Dragon Browser 52.15.25.663 Privilege Escalation via Unquoted Service Path
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...
CVE-2016-20090
CVE-2016-20090 affects Comodo Dragon Browser up to version 52.15.25.663. The issue is a privilege escalation in the DragonUpdater service caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can drop a malicious executable in the service path and trigger code exec...
EUVD-2016-10903
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...
PT-2026-50908
Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...
Blazing-Black-Dragon
No d...
SysAK 安全漏洞
SysAK is a system operation toolset open source by China Dragon Lizard anolis. Versions of SysAK prior to v2.0 contained security vulnerabilities; these vulnerabilities stemmed from command execution, potentially allowing attackers to execute arbitrary commands...
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker...
CVE-2021-27965
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request...
Exploit for Server-Side Request Forgery in Svelte Sveltekit
BlueDragon Web Security An advanced web vulnerability scann...
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by t...
CVE-2025-63401
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives...
EUVD-2025-201093
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives...
CVE-2025-63401
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives...
CVE-2025-63401
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives...
HCLTech DRAGON 安全漏洞
HCLTech DRAGON is a data retention / archiving / mass data storage and retrieval solution from HCL Corporation, USA. A security vulnerability exists in HCLTech DRAGON versions prior to 7.6.0, which stems from a missing instruction and could lead to the remote execution of arbitrary code...
PT-2025-48976
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives...
HCLTech DRAGON 安全漏洞
HCLTech DRAGON is a data retention / archiving / mass data storage and retrieval solution from HCL Corporation, USA. A security vulnerability exists in HCLTech DRAGON versions prior to 7.6.0 that stems from the API not enforcing a request number or size limit, which could lead to remote execution...