MAL-2026-2278 Malicious code in python-aiogram-telegram-updater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94b286136c318836563c0eaddf44e8d1b21f217086b444a3266d91b69ace79b8 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...

ZKTeco ZKTime.Net 安全漏洞

ZKTeco ZKTime.Net is an attendance and time management software developed by ZKTeco Technology ZKTeco in China. Version 3.0.1.6 of ZKTeco ZKTime.Net contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow unauthorized users to elevate their...

CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

Vm3Max NextVPN 安全漏洞

Vm3Max NextVPN is a VPN proxy application developed by Vm3Max Corporation. Version 4.10 of Vm3Max NextVPN contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow local users to modify executable files in order to obtain SYSTEM or Administrator...

PT-2026-7879

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification...

CVE-2020-36916 TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

CVE-2020-36916

The CVE-2020-36916 entry concerns TDM Digital Signage PC Player version 4.1.0.4, where an elevation-of-privileges flaw allows authenticated users to modify executables by abusing existing Modify permissions to replace binaries and gain elevated system access. The root cause is insecure permission...

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVE-2025-64642 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVE-2025-64642 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

EUVD-2015-7500

Malware in sbrugna...

EUVD-2006-1383

Malware in sbrugna...

EUVD-2023-30800

Malicious code in bioql PyPI...

CVE-2025-57392

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILEALLACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...

PT-2025-37080

Name of the Vulnerable Software and Affected Versions: BenimPOS Masaustu versions 3.0.x Description: BenimPOS Masaustu application installation directory grants Everyone and BUILTINUsers groups FILE ALL ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to...

CVE-2023-28348

An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students...

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...

CVE-2024-57276

In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges,...

CVE-2023-28479

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...