CVE-2026-44406

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since...

CVE-2026-44406 DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since...

CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

CVE-2026-40004

Technical details about CVE-2026-40004 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or fixes are present here. Monitor for updates from vendors and security feeds for confirmation and remediation guidance.

CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

ZTE ZXCLOUD iRAI 代码问题漏洞

The ZTE ZXCLOUD iRAI is a virtualized device from China’s ZTE Corporation. The ZTE ZXCLOUD iRAI has a code vulnerability, which stems from an issue with the openssl.cnf permission escalation. This vulnerability could allow attackers to execute arbitrary code locally and escalate their privileges...

ZTE PROCESS Guard 安全漏洞

ZTE PROCESS Guard is a process security protection and monitoring software developed by ZTE Corporation. ZTE PROCESS Guard has a security vulnerability that may lead to arbitrary code execution on the local level, privilege escalation, and path traversal bypasses...

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

PT-2026-37228

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description Several ProcessServer handlers, specifically KillAllHandler, SuspendAllHandler, and RunSandboxedHandler, copy a boxname field from request structures into stack buffers using wcscpy without...

CVE-2026-36365

CVE-2026-36365 concerns Lymphatus caesium-image-compressor (all versions up to commit 02da2c6). The issue allows a local attacker to execute arbitrary code via the functions shutdownMachine and putMachineToSleep in PostCompressionActions.cpp. CVSS 3.1 base score 7.8 (High): Local attacker with lo...

CVE-2026-36365

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

caesium-image-compressor 命令注入漏洞

Caesium-image-compressor is a image compression tool developed by Matteo Paonessa, which supports JPG, PNG, and WebP formats. Caesium-image-compressor has a command injection vulnerability, which stems from issues with the shutdownMachine and putMachineToSleep functions in...

Astra Linux – Vulnerability in assimp

A vulnerability exists in assimp v.5.4.3, allowing a local attacker to execute arbitrary code through the CallbackToLogRedirector function within the Assimp library...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

The “Use After Free” vulnerability in the Linux kernel allows for the execution of code in a local environment on Linux, x86, and ARM bluetooth modules. This vulnerability is associated with program files located at https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C...

Astra Linux - уязвимость в linux

It was discovered that the eBPF implementation in the Linux kernel failed to properly track bound information for 32-bit registers when performing division and modulo operations. A local attacker could use this vulnerability to potentially execute arbitrary code...

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

CVE-2018-25314

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVE-2018-25301

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

CVE-2018-25315

Alloksoft Video joiner 4.6.1217 contains a local buffer overflow vulnerability in the License Name input that can lead to arbitrary code execution via SEH overwrite when processing license registration. Affected component: License handling in the application; root cause: buffer overflow in licens...

CVE-2018-25315

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler SEH overwrite and shellcode to achieve code...