CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

Dell UPS Multi-UPS Management Console 代码问题漏洞

Dell UPS Multi-UPS Management Console is an uninterruptible power supply management software developed by the American company Dell. Version 01.06.0001 of Dell UPS Multi-UPS Management Console contains a code vulnerability caused by search paths without quotes. This vulnerability may allow users...

CVE-2003-1521

Sun Java Plug-In 1.4 through 1.4.202 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model...

I-O DATA NarSuS App 代码问题漏洞

I-O DATA I-O DATA NarSuS App is a desktop software from I-O DATA, Inc. that includes device detection, driver installation, configuration assistance, firmware update, and service registration. I-O DATA I-O DATA NarSuS App suffers from a code issue vulnerability that stems from a Windows service...

CVE-2025-62376

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...

CVE-2025-61871

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

EUVD-2007-0731

Malware in sbrugna...

EUVD-2020-7133

Malware in sbrugna...

EUVD-2021-29233

Malicious code in bioql PyPI...

CVE-2025-58400

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

CVE-2020-15003

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user via the session API during shared Drive access...

Motorola Solutions Vigilant Fixed LPR Coms Box Security Vulnerability

Motorola Solutions Vigilant Fixed LPR Coms Box is a license plate recognition system from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions Vigilant Fixed LPR Coms Box, which arises from data being stored in clear text, which could allow an unauthorized user to...

PT-2024-18770 · Google · Google Drive

Name of the Vulnerable Software and Affected Versions: Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress versions up to, and including, 1.3.8 Description: The plugin is vulnerable to...

PT-2022-10453 · Solarwinds · Serv-U

Name of the Vulnerable Software and Affected Versions: Serv-U versions 15.3.0.X through 15.3.0.X before Hotfix 1 Serv-U version 15.3 Description: A researcher reported a Directory Transversal issue in Serv-U. This may allow access to files relating to the Serv-U installation and server files. The...

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives...

CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

Design/Logic Flaw

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...