6692 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions...
PT-2025-37033
Name of the Vulnerable Software and Affected Versions: UPDF version 1.8.5.0 Description: A DLL search path hijacking issue exists in the UPDF.exe executable for Windows. An attacker with local access can execute arbitrary code by placing a malicious dxtn.dll file in the...
CVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILEALLACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...
CVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The installation directory grants Everyone and BUILTIN\Users FILE_ALL_ACCESS, enabling local users to replace or modify .exe/.dll files. This can lead to privilege escalation or arbitrary code execution on launch by another user or...
PT-2025-37080
Name of the Vulnerable Software and Affected Versions: BenimPOS Masaustu versions 3.0.x Description: BenimPOS Masaustu application installation directory grants Everyone and BUILTINUsers groups FILE ALL ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to...
Linux Distros Unpatched Vulnerability : CVE-2015-7684
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an...
CVE-2025-59042 PyInstaller has local privilege escalation vulnerability
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
CVE-2025-44593
Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13...
PT-2025-36997
Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 6.0.0 Description: PyInstaller packages Python applications and their dependencies into a single package. A specially crafted entry appended to sys.path during the bootstrap process of a PyInstaller-frozen...
CVE-2025-44593
Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13...
PT-2025-36945
Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.13 Description: Halo versions prior to 2.20.13 allow bypassing file type detection, enabling the upload of malicious files, including .exe and .html files. Uploading .html files can trigger stored cross-site...
CVE-2025-58353
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as replace/javascript:/gi, ''. Because the package uses multi-character tokens and each replacement ...
Unexpected paths returned from LookPath in os/exec
...
PT-2025-36092
Name of the Vulnerable Software and Affected Versions: Promptcraft Forge Studio affected versions not specified Description: Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. The software’s input sanitization process, which utilizes regex...
MAL-2025-191800 Malicious code in nayzakishere (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 448aef468d12fea1df0793a00d8a0e55788dcebd3033ed1ec515012020538b6b Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in nayzakishere (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 448aef468d12fea1df0793a00d8a0e55788dcebd3033ed1ec515012020538b6b Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2025-191735 Malicious code in fromwherebitch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 afc6e5261aea72f5412acfb599af497963496a824bdd8a9b943b2873cbd4c743 Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in fromwherebitch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 afc6e5261aea72f5412acfb599af497963496a824bdd8a9b943b2873cbd4c743 Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2025-191938 Malicious code in xwormclient (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a6c0b4ce2747e70d2e9f46f624188d4da6a70af3182e6e94b22de7446dc180c Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in xwormclient (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a6c0b4ce2747e70d2e9f46f624188d4da6a70af3182e6e94b22de7446dc180c Importing the module downloads and executes widely recognized malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...