926 matches found
CVE-2021-20117
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118...
CVE-2010-5185
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors...
CVE-2017-1000455
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading to the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix...
PT-2025-22384
Name of the Vulnerable Software and Affected Versions: Valvesoftware Steam Client version 1738026274. Description: The issue allows attackers to escalate privileges via a crafted executable or DLL. This can be achieved by manipulating a specifically crafted executable or DLL, which enables the...
[SECURITY] Fedora 40 Update: perl-PAR-Packer-1.063-3.fc40
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content
Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
[SECURITY] Fedora 41 Update: perl-PAR-Packer-1.063-5.fc41
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
VulnCheck KEV: CVE-2025-31324
SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...
CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document, e.g., a document opened in KDE ghostwriter...
UBUNTU-CVE-2025-43929
openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document, e.g., a document opened in KDE ghostwriter...
CVE-2025-43929
CVE-2025-43929 affects kitty before 0.41.0. The issue arises because open_actions.py does not prompt for user confirmation before executing a local file that could be linked from an untrusted document (e.g., KDE Ghostwriter exports). Affects Kitty component (kitty) with local attack surface; expl...
[SECURITY] Fedora 42 Update: perl-PAR-Packer-1.063-6.fc42
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
UPX Security Vulnerability
UPX is a free, secure, portable, scalable, high-performance executable packer for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...
[SECURITY] Fedora 42 Update: bigloo-4.6a-2.fc42
Bigloo is a Scheme implementation devoted to one goal: enabling a Scheme based programming style where C++ is usually required. Bigloo attempts to make Scheme practical by offering features usually presented by traditional programming languages but not offered by Scheme and functional programming...
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity...
LibreOffice Input Validation Error Vulnerability
LibreOffice is an open source office software suite from The Document Foundation. An input validation error vulnerability exists in LibreOffice versions prior to 24.8 through 24.8.5 that stems from improper input validation and could lead to unconditional execution of Windows executables...
CVE-2020-13549
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or...