EUVD-2026-26665

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

EUVD-2018-3899

Malware in sbrugna...

EUVD-2018-3906

Malware in sbrugna...

PT-2025-41187

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.02.5 Description A specially designed shared deck can place a YouTube downloader executable in the media folder. This executable is then run when a YouTube link is present within the deck. The executable may be named...

EUVD-2023-52714

Malicious code in bioql PyPI...

CVE-2022-4223

CVE-2022-4223 describes a remote code execution vulnerability in pgAdmin that affects versions prior to 6.17. An insecure HTTP API allows an unauthenticated user to pass a manipulated path (e.g., a UNC path) to the server, which could lead to the execution of an arbitrary executable on the pgAdmi...

SICK SOPAS ET 4.8.0 路径遍历漏洞

Sick Sopas Et is an engineering tool from the German company Sick. versions prior to SICK SOPAS ET 4.8.0 contain a path traversal vulnerability that could be exploited to manipulate the pathname of the emulator and use path traversal to run arbitrary executable files located on the host system...

RUSTSEC-2021-0071 `grep-cli` may run arbitrary executables on Windows

On Windows in versions of grep-cli prior to 0.1.6, it's possible for some of the routines to execute arbitrary executables. In particular, a quirk of the Windows process execution API is that it will automatically consider the current directory before other directories when resolving relative...

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service memory corruption via a crafted executable, which triggers a denial of service application crash or the possibility of execution of arbitrary code...

DWebPro 8.4.2 Local File Inclusion Vulnerability

DWebPro is a dynamic web site software package for distribution on CD/DVD or USB drives. A local file inclusion vulnerability exists in the start parameter of DWebPro, which allows an attacker to access arbitrary files and, when browsing to an executable file, execute the file with system...

Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass (1)

Qualcomm Eudora 6.0.16.1.1 - Attachment LaunchProtect Warning Bypass 1 source: https://www.securityfocus.com/bid/9101/info A problem has been identified in the implementation of LaunchProtect within Eudora. Because of this, it may be possible to trick users into performing dangerous actions. May...