CVE-2025-1700

A DLL hijacking vulnerability was reported in the Motorola Software Fix Rescue and Smart Assistant installer that could allow a local attacker to escalate privileges during installation of the software...

EUVD-2006-1187

Malware in sbrugna...

EUVD-2013-2546

Malware in sbrugna...

EUVD-2015-1552

Malware in sbrugna...

EUVD-2017-14341

Malware in sbrugna...

EUVD-2020-20693

Malware in sbrugna...

EUVD-2017-7331

Malware in sbrugna...

EUVD-2017-14340

Malware in sbrugna...

EUVD-2023-26861

Malicious code in bioql PyPI...

EUVD-2024-51186

Malicious code in bioql PyPI...

EUVD-2022-28868

Malicious code in bioql PyPI...

EUVD-2022-52715

Malicious code in bioql PyPI...

CVE-2025-51726

CyberGhostVPNSetup.exe Windows installer is signed using the weak cryptographic hash algorithm SHA-1, which is vulnerable to collision attacks. This allows a malicious actor to craft a fake installer with a forged SHA-1 certificate that may still be accepted by Windows signature verification...

CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...

CVE-2021-0064

Insecure inherited permissions in the IntelR PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-7381

In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Securit...

CVE-2020-25043

The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system...

K000148898: PostgreSQL vulnerabilities CVE-2021-23214, CVE-2019-9193, CVE-2019-10210, CVE-2019-10128, and CVE-2019-10127

Security Advisory Description CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL...

CVE-2023-28823

Uncontrolled search path in some IntelR oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access...

Design/Logic Flaw

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify or replace the installer to execute malicious code...