CVE-2026-40547 Path Traversal in SOPlanning

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

EUVD-2026-20884

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed...

EUVD-2009-3048

Malware in sbrugna...

CVE-2020-16909

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

CVE-2020-1082

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088...

CVE-2020-1088

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082...

Malicious Package

alico is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...

Malicious Package

luna-mock is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local, unprivileged user to cause a kernel panic (CVE-2018-1782)

Summary IBM Spectrum Scale could allow a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. Vulnerability Details CVEID: CVE-2018-1782 DESCRIPTION:...

Sofacy APT Targeting OS X Machines with Komplex Trojan

The prolific APT gang allegedly behind the DNC hack and other targeted attacks against Western military and political targets is using a new Trojan called Komplex to infect OS X machines used in the aerospace industry. The gang, known as Sofacy, APT28, Fancy Bear, Sednit and Pawn Storm, is...

ATutor 2.1 - tool_file Local File Inclusion

ATutor 2.1 - toolfile Local File Inclusion source: https://www.securityfocus.com/bid/56600/info ATutor is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts i...

HTML.cobble

Sunday, April 1, 2001 Default installation of Internet Explorer 5.5 with all of its so-called patches, service "packs" etc, still allows us to execute files on default installations of the target computer: Once Again: We cobble together new and old Components as follows : - 1. Courtesy of Georgi...