Lucene search

6839 matches found

RedhatCVE
added 2025/05/21 7:57 p.m. | 3 views

CVE-2005-4423

Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."...

6.5 CVSS | 7.7 AI score | 0.03925 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 6:24 p.m. | 6 views

CVE-1999-0354

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message...

7.5 CVSS | 7.1 AI score | 0.0304 EPSS
Exploits: 0 | References: 1
NVD
added 2025/05/21 4:15 p.m. | 13 views

CVE-2025-27998

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL...

8.4 CVSS | 0.001 EPSS
Exploits: 0 | References: 1
NVD
added 2025/05/21 4:15 p.m. | 8 views

CVE-2025-27997

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...

8.4 CVSS | 0.00115 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2025/05/21 1:10 p.m. | 29 views

PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. "The campaign aimed at Russian business began back in March 2023, but in the first third of 2025 the number of attacks quadrupled compared to the...

7.6 AI score
Exploits: 0
The Hacker News
added 2025/05/21 12:15 p.m. | 19 views

Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims

Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and...

7.3 AI score
Exploits: 0
CNNVD
added 2025/05/21 12:0 a.m. | 3 views

Valve Steam Client Security Vulnerability

Valve Steam Client is a digital game distribution client from Valve Corporation, USA. A security vulnerability exists in Valve Steam Client version 1738026274, which originates from a specially crafted executable or DLL, and may result in elevated privileges...

8.4 CVSS | 6.8 AI score | 0.001 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/05/21 12:0 a.m. | 12 views

CVE-2025-27997

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...

0.00115 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/05/21 12:0 a.m. | 10 views

CVE-2025-27998

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL...

0.001 EPSS
Exploits: 0 | References: 1
CVE
added 2025/05/21 12:0 a.m. | 53 views

CVE-2025-27998

CVE-2025-27998 affects Valve’s Steam Client (version 1738026274). The issue allows local privilege escalation via a crafted executable or DLL, with a CVSSv3.1 base score of 8.4 (HIGH) and impact on confidentiality, integrity, and availability. Affected component: Steam Client; root cause and exac...

8.4 CVSS | 6.7 AI score | 0.001 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/21 12:0 a.m. | 6 views

CVE-2025-27998

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL...

8.3 AI score | 0.001 EPSS
Exploits: 0 | References: 1
OSV
added 2025/05/20 7:35 p.m. | 4 views

GHSA-9HQ9-CR36-4WPJ TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem: By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4 CVSS | 7.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2025/05/20 7:35 p.m. | 16 views

TYPO3 Allows Unrestricted File Upload in File Abstraction Layer

Problem: By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be...

5.4 CVSS | 7.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2025/05/20 2:0 p.m. | 13 views

CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restrictio...

5.4 CVSS | 0.00129 EPSS
Exploits: 0 | References: 2
CVE
added 2025/05/20 2:0 p.m. | 38 views

CVE-2025-47939

TYPO3 CMS vulnerability CVE-2025-47939 affects TYPO3 versions prior to 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. The issue is an unrestricted file upload in the File Abstraction Layer: the file management backend allowed uploading any file type, including potentially ...

5.4 CVSS | 5.5 AI score | 0.00129 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/05/20 2:0 p.m. | 3 views

CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restrictio...

5.4 CVSS | 6.6 AI score | 0.00129 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/18 10:55 a.m. | 14 views

CVE-2025-4769

A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The...

7.3 CVSS | 7.1 AI score | 0.00065 EPSS
Exploits: 0 | References: 1
BDU FSTEC
added 2025/05/16 12:0 a.m. | 1 view

The vulnerability of the ThinServer.exe executable file of the ThinServer component of the Rockwell Automation ThinManager centralized application management platform allows an attacker to load arbitrary files.

The vulnerability of the ThinServer.exe executable file of the ThinServer component of Rockwell Automation’s ThinManager application platform is related to errors in processing the relative path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to...

7.8 CVSS | 7.2 AI score | 0.48201 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSSF Malicious Packages
added 2025/05/12 8:59 p.m. | 3 views

Malicious code in telegramdoxing (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4cdffd265ab7e5d199258a068bf6c251370ae931fc905109bd2fb659cd7d9114 The package contains an embedded malicious executable probably blank grabber started when running the module. Probably continuation of 2025-05-pydoxing ---...

7 AI score
Exploits: 0 | References: 2
OSV
added 2025/05/12 8:59 p.m. | 1 view

MAL-2025-191888 Malicious code in telegramdoxing (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4cdffd265ab7e5d199258a068bf6c251370ae931fc905109bd2fb659cd7d9114 The package contains an embedded malicious executable probably blank grabber started when running the module. Probably continuation of 2025-05-pydoxing ---...

6.9 AI score
Exploits: 0 | References: 2