52 matches found
CVE-2026-26050
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...
PT-2026-21005
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...
CVE-2026-25676
CVE-2026-25676 affects the M-Track Duo HD installer (version 1.0.0). The issue arises from insecure DLL search path handling, which may allow loading of arbitrary DLLs and lead to code execution with administrator privileges. The description does not specify affected products beyond this installe...
PT-2025-46169
Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager versions prior to 2.1.2.12 Description Dell Display and Peripheral Manager contains an Execution with Unnecessary Privileges issue in the Installer. A local attacker with low privileges could potentially...
EUVD-2011-2274
Malware in sbrugna...
EUVD-2020-17736
Malware in sbrugna...
EUVD-2020-27933
Malware in sbrugna...
EUVD-2018-14482
Malware in sbrugna...
EUVD-2020-7517
Malware in sbrugna...
EUVD-2017-14594
Malware in sbrugna...
EUVD-2024-36630
Malicious code in bioql PyPI...
EUVD-2024-38256
Malicious code in bioql PyPI...
EUVD-2024-52190
Malicious code in bioql PyPI...
EUVD-2022-30541
Malicious code in bioql PyPI...
CVE-2025-11223
Summary of CVE-2025-11223 : Panasonic AutoDownloader installer for version 1.2.8 contains a DLL search path issue (CWE-427) that may allow loading a crafted DLL file from the same directory. This could enable arbitrary code execution with the privileges of the user invoking the installer. Public ...
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely
...
CVE-2025-20087
Incorrect default permissions for some IntelR oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2025-49124
CVE-2025-49124 : Untrusted Search Path in Apache Tomcat Windows installer. Tomcat’s Windows installer runs icacls.exe without a full path. Affected: Tomcat 11.0.0-M1–11.0.7, 10.1.0–10.1.41, 9.0.23–9.0.105 (plus some EOL versions). Mitigation: upgrade to 11.0.8, 10.1.42 or 9.0.106. CVSSv3.1 base s...
CVE-2020-5909
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface UI to fetch the agent installer, the server TLS certificate is not verified...
CVE-2024-53921
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process...