
6692 matches found

Positive Technologies
added 2025/12/24 12:0 a.m., 3 views

PT-2025-53331

Name of the Vulnerable Software and Affected Versions: Ross Video DashBoard version 8.5.1. Description: An elevation of privileges issue exists in Ross Video DashBoard. Authenticated users can modify executable files because of incorrect permission settings. Attackers can leverage the 'M' or 'C' fla...

CVSS 8.8 | AI score 6.6 | EPSS 0.00037
Exploits 1 | References 5
OSSF Malicious Packages
added 2025/12/22 2:2 p.m., 6 views

Malicious code in unizip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36d788bf5be2a646474da2cb929d2b24c328cd5bbd997697780a15da181d1053 During initialization of the archive-support class, the package downloads and executes remote malicious code --- Category: MALICIOUS - The campaign has clearly...

AI score 7.1
Exploits 0 | References 4
RedhatCVE
added 2025/12/22 7:21 a.m., 5 views

CVE-2023-53947

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

CVSS 8.5 | AI score 7.2 | EPSS 0.00015
Exploits 0 | References 1
RedHat Linux
added 2025/12/22 1:38 a.m., 2 views

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH being unexpectedly returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00044
Exploits 1 | References 8
Positive Technologies
added 2025/12/22 12:0 a.m., 3 views

PT-2025-52695

Name of the Vulnerable Software and Affected Versions: Wondershare MirrorGo version 2.0.11.346. Description: Wondershare MirrorGo version 2.0.11.346 has a local privilege escalation issue. Incorrect file permissions on executable files allow unprivileged local users to replace the ElevationService.e...

CVSS 8.5 | AI score 7.2 | EPSS 0.00016
Exploits 0 | References 6
OSV
added 2025/12/21 2:3 p.m., 5 views

MAL-2025-192686 Malicious code in runtimeutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d312906cc585fcd02b2ac0b52bb04a23b0294532e3625c7f5e27bf1e4b51e4a Importing the module downloads and starts a malicious executable identified as infostealer. Based on Telegram links, this is related to the 2025-12-synium...

AI score 7
Exploits 0 | References 3
OSSF Malicious Packages
added 2025/12/21 11:9 a.m., 5 views

Malicious code in colorfulpacket (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46d838ba056cc96b43fd6a859a9d351ffda2aee0cdcd2b47ea13f3f38b31d038 Importing the module downloads and executes malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score 7.1
Exploits 0 | References 2
OSV
added 2025/12/21 11:9 a.m., 2 views

MAL-2025-192684 Malicious code in colorfulpacket (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46d838ba056cc96b43fd6a859a9d351ffda2aee0cdcd2b47ea13f3f38b31d038 Importing the module downloads and executes malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score 7
Exploits 0 | References 2
VulnCheck KEV
added 2025/12/21 12:0 a.m., 14 views

VulnCheck KEV: CVE-2025-11953

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

CVSS 9.8 | AI score 6.1 | EPSS 0.2788
In wild | Exploits 5 | References 86
RedhatCVE
added 2025/12/20 1:10 a.m., 4 views

CVE-2025-11774

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions...

CVSS 8.2 | AI score 7 | EPSS 0.00019
Exploits 0 | References 1
NVD
added 2025/12/19 9:15 p.m., 2 views

CVE-2023-53954

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to...

CVSS 8.5 | EPSS 0.00016
Exploits 0 | References 3
NVD
added 2025/12/19 9:15 p.m., 2 views

CVE-2023-53947

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

CVSS 8.5 | EPSS 0.00015
Exploits 0 | References 3
OSV
added 2025/12/19 9:15 p.m., 1 view

CVE-2023-53947

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

CVSS 8.5 | AI score 5.9
Exploits 0 | References 3
NVD
added 2025/12/19 9:15 p.m., 2 views

CVE-2023-53946

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level...

CVSS 8.5 | EPSS 0.00018
Exploits 0 | References 3
EUVD
added 2025/12/19 9:5 p.m., 3 views

EUVD-2025-204605

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to...

CVSS 8.5 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 4
Cvelist
added 2025/12/19 9:5 p.m., 22 views

CVE-2023-53949 AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access...

CVSS 8.5 | EPSS 0.00017
Exploits 0 | References 3
Vulnrichment
added 2025/12/19 9:5 p.m., 1 view

CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

CVSS 8.5 | AI score 7 | EPSS 0.00015
Exploits 0 | References 3
Cvelist
added 2025/12/19 4:40 p.m., 22 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

CVSS 2.3 | EPSS 0.00025
Exploits 0 | References 3
OSV
added 2025/12/19 8:23 a.m., 1 view

MAL-2025-192658 Malicious code in connections-api-hidden-runner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae6bedba7c21e763c5a0e27952cf75a13a7705e7681027c87a833417a2035b70 Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 7
Exploits 0 | References 2
OSSF Malicious Packages
added 2025/12/19 8:23 a.m., 4 views

Malicious code in connections-api-hidden-runner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae6bedba7c21e763c5a0e27952cf75a13a7705e7681027c87a833417a2035b70 Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 7.1
Exploits 0 | References 2