EUVD-2016-10906

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

CVE-2016-20090

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...

EUVD-2016-10903

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

Malicious code in new-ts-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ae4cecdfa22793382d07d28a25ba5fabd54ac405cb94e642a1f96faee80 index.js imports childprocess and at lines 101 and 117 invokes execSync to run bash and zsh commands. Lines 9, 194, and 195 use Buffer.from...,...

CVE-2026-53915

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

CVE-2026-44939

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

CVE-2026-48137

Summary: CVE-2026-48137 is an untrusted pointer dereference in the NI grpc-device sideband streaming API affecting NI grpc-device 2.17.0 and earlier. A attacker can cause an arbitrary memory dereference and potentially remote code execution by sending a specially crafted Moniker protobuf message....

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified several vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities concern various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has classified the vulnerability with the identifier CVE-2026-20253 as a critical vulnerability in...

CVE-2026-44939 Command injection through unsanitized YAML parameter in Rancher

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

CVE-2026-53915

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

CVE-2026-53915

CVE-2026-53915 : In JetBrains GoLand prior to 2026.1.3, remote code execution is possible through untrusted project configuration. According to CVSS 3.1 data, the vulnerability has a base score of 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and both c...

CVE-2026-53915

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

EUVD-2026-38005

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration...

Astra Linux – Vulnerability in faad2

A issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the stszin function located in mp4read.c. This allows an attacker to cause code execution...

Astra Linux – Vulnerability in gst-plugins-ugly1.0

GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may...

Astra Linux – Vulnerability in xterm

xterm before 375 allows code execution via font ops. For example, an OSC 50 response may trigger Ctrl-g, thereby leading to command execution within the vi line-editing mode of Zsh. NOTE: Font ops are not allowed in the default configurations of some Linux distributions for xterm...

Astra Linux – Vulnerability in Thunderbird

When a worker is shut down, it was possible for the script to run late in the lifecycle, at a time when it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...

Astra Linux – Vulnerability in faad2

A issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. This allows an attacker to cause code execution...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...