6692 matches found

Cvelist
added 2025/11/13 10:2 p.m., 6 views

CVE-2025-13131 Sonarr Service Sonarr.Console.exe default permission

A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vend...

8.5 CVSS, 0.00019 EPSS
Exploits: 0, References: 4
OSV
added 2025/11/13 7:25 p.m., 1 view

MAL-2025-191850 Malicious code in quicksort-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d58062fd8cad559810255c4386b2acbeda83096e2999ea1172b10d0d7af008cb Importing the module downloads and executes an executable with malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

7 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/11/13 7:25 p.m., 3 views

Malicious code in quicksort-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d58062fd8cad559810255c4386b2acbeda83096e2999ea1172b10d0d7af008cb Importing the module downloads and executes an executable with malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

7.1 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2025/11/13 12:0 a.m., 2 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-1010023)

DISPUTED GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE...

8.8 CVSS, 7.2 AI score, 0.00293 EPSS
Exploits: 1, References: 4
EUVD
added 2025/11/12 4:29 a.m., 1 view

EUVD-2025-111866

Malicious code in lacerta-middleware-procyon-exec npm...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/08 8:20 p.m., 3 views

Malicious code in db-aggregator-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aed54ed734902c1a5749b7861e2ad95cc2d8c71c78fa4b0167499f9a1b296f9f Importing the module downloads and starts an infostealer. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.1 AI score
Exploits: 0, References: 2
OSV
added 2025/11/08 8:20 p.m., 1 view

MAL-2025-191713 Malicious code in db-aggregator-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aed54ed734902c1a5749b7861e2ad95cc2d8c71c78fa4b0167499f9a1b296f9f Importing the module downloads and starts an infostealer. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7 AI score
Exploits: 0, References: 2
Fedora
added 2025/11/06 2:24 a.m., 5 views

[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXML files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

7 AI score
Exploits: 0
Packet Storm News
added 2025/11/04 12:0 a.m., 4 views

PoCo: Agentic Proof-Of-Concept Exploit Generation for Smart Contracts

Smart contracts operate in a highly adversarial environment, where vulnerabilities can lead to substantial financial losses. Thus, smart contracts are subject to security audits. In auditing, proof-of-concept PoC exploits play a critical role by demonstrating to the stakeholders that the reported...

6.9 AI score
Exploits: 0
RedhatCVE
added 2025/10/31 10:7 p.m., 3 views

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

5.1 CVSS, 6.7 AI score, 0.00024 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/30 10:15 p.m., 0 views

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

4.4 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 3
NVD
added 2025/10/30 10:15 p.m., 1 view

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

5.1 CVSS, 0.00024 EPSS
Exploits: 0, References: 3
CVE
added 2025/10/30 9:39 p.m., 7 views

CVE-2025-34135

Nagios XI prior to 2024R1.4.2 is affected by overly permissive permissions on systemd unit files, notably nagios.service having executable permissions not required. This could broaden local attack surface. Affected versions should be updated to 2024R1.4.2 or later; monitoring advisories also note...

5.1 CVSS, 6.3 AI score, 0.00024 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2025/10/30 9:39 p.m., 2 views

CVE-2025-34135 Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

5.1 CVSS, 6.3 AI score, 0.00024 EPSS
Exploits: 0, References: 3
NVD
added 2025/10/29 8:15 p.m., 1 view

CVE-2025-60320

memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service memoQauhlp101. The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to...

6.7 CVSS, 0.00017 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/29 6:30 p.m., 2 views

EUVD-2025-36694

An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder...

7.8 CVSS, 6.6 AI score, 0.00021 EPSS
Exploits: 0, References: 2
NVD
added 2025/10/29 4:15 p.m., 2 views

CVE-2024-14012

Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed i...

7.3 CVSS, 0.00022 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/10/29 3:30 p.m., 2 views

CVE-2024-14012 Potential Privilege Escalation in Revenera InstallShield 2023 R1

Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed i...

7.3 CVSS, 6.6 AI score, 0.00022 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/29 12:0 a.m., 5 views

CVE-2025-57227

An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder...

0.00021 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/29 12:0 a.m., 6 views

CVE-2025-57227

CVE-2025-57227 affects Kingo ROOT v1.5.8.3353 by Kingosoft Technology Ltd. The vulnerability is an unquoted service path that allows local privilege escalation by placing a crafted executable in the parent folder. Public sources (e.g., PT-2025-44334) suggest updating to a newer Kingo ROOT version...

7.8 CVSS, 6.7 AI score, 0.00021 EPSS
Exploits: 0, References: 1