CVE-2020-12846

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files exe,sh,bat,jar in the Contact section of the mailbox as an avatar image for ...

CVE-2020-24807

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

CVE-2023-40012

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

CVE-2021-22566

An incorrect setting of UXN bits within mmuflagstos1pteattr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits...

CVE-2024-39752

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVE-2022-31198

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...

MAL-2026-162 Malicious code in btcli-security (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a4b868f818b1a81f5fccee1967f70c3ff9d75c218d14ec09882c576a9c2c213e Package clones a legitimate bittensor-cli library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious...

MAL-2026-128 Malicious code in lnatainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a613dbd371593bf6bcb7ae528a4d7d7dba2fedfc6670c8cb493bb5cbee18f734 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

Malicious code in lnatainstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a613dbd371593bf6bcb7ae528a4d7d7dba2fedfc6670c8cb493bb5cbee18f734 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

MAL-2026-99 Malicious code in testingpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 577f9c1cdb7d3ef0e010cc9e292142a11f3a84a9f1ed42f238a920e7e9617b35 Package clones a legitimate library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious executable in...

Malicious code in testingpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 577f9c1cdb7d3ef0e010cc9e292142a11f3a84a9f1ed42f238a920e7e9617b35 Package clones a legitimate library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious executable in...

CVE-2020-36916 TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

CVE-2020-36916

The CVE-2020-36916 entry concerns TDM Digital Signage PC Player version 4.1.0.4, where an elevation-of-privileges flaw allows authenticated users to modify executables by abusing existing Modify permissions to replace binaries and gain elevated system access. The root cause is insecure permission...

PT-2026-1450

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

TDM Digital Signage PC Player 安全漏洞

TDM Digital Signage PC Player is a specialized playback terminal software from the Dutch company TDM Digital Signage. A security vulnerability exists in TDM Digital Signage PC Player version 4.1.0.4, which stems from an elevation of privilege vulnerability that could result in replacing executabl...

MAL-2026-55 Malicious code in lium-io-gztensor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f87521be2fb53979b969dc362d41bfcf6c9f860f8d6517a76889a81dedc06a1 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

Malicious code in async-substrate-interface-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f97af1701ef4cd3f9c0a8bf1f8245a4291ac3b704b9149972b27a6dd9966428 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

MAL-2026-51 Malicious code in async-substrate-interface-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f97af1701ef4cd3f9c0a8bf1f8245a4291ac3b704b9149972b27a6dd9966428 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

MAL-2026-52 Malicious code in celium-collateral-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adea9a91926d593420b0d9d07dd66bc5656bb42bf3735074a3f33533800a79dc This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...