CVE-2026-40004

Technical details about CVE-2026-40004 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or fixes are present here. Monitor for updates from vendors and security feeds for confirmation and remediation guidance.

CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

EUVD-2026-28243

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

ZTE Cloud PC client uSmartView 代码问题漏洞

ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...

PT-2026-38328

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

ZTE ZXCLOUD iRAI 代码问题漏洞

The ZTE ZXCLOUD iRAI is a virtualized device from China’s ZTE Corporation. The ZTE ZXCLOUD iRAI has a code vulnerability, which stems from an issue with the openssl.cnf permission escalation. This vulnerability could allow attackers to execute arbitrary code locally and escalate their privileges...

ZTE PROCESS Guard 安全漏洞

ZTE PROCESS Guard is a process security protection and monitoring software developed by ZTE Corporation. ZTE PROCESS Guard has a security vulnerability that may lead to arbitrary code execution on the local level, privilege escalation, and path traversal bypasses...

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

PT-2026-37228

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description Several ProcessServer handlers, specifically KillAllHandler, SuspendAllHandler, and RunSandboxedHandler, copy a boxname field from request structures into stack buffers using wcscpy without...

CVE-2026-36365

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

caesium-image-compressor 命令注入漏洞

Caesium-image-compressor is a image compression tool developed by Matteo Paonessa, which supports JPG, PNG, and WebP formats. Caesium-image-compressor has a command injection vulnerability, which stems from issues with the shutdownMachine and putMachineToSleep functions in...

CVE-2026-36365

CVE-2026-36365 concerns Lymphatus caesium-image-compressor (all versions up to commit 02da2c6). The issue allows a local attacker to execute arbitrary code via the functions shutdownMachine and putMachineToSleep in PostCompressionActions.cpp. CVSS 3.1 base score 7.8 (High): Local attacker with lo...

Astra Linux - уязвимость в linux

It was discovered that the eBPF implementation in the Linux kernel failed to properly track bound information for 32-bit registers when performing division and modulo operations. A local attacker could use this vulnerability to potentially execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-7580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Processmrld of the file lib/Image/ExifTool/GM.pm of the component...

CVE-2026-7580 Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Processmrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 i...

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

CVE-2018-25314

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVE-2018-25303

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler SEH overwrite. Attackers can craft a malicious input string with 780 bytes of junk...

CVE-2018-25301

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling SEH local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode tha...

CVE-2018-25315

Alloksoft Video joiner 4.6.1217 contains a local buffer overflow vulnerability in the License Name input that can lead to arbitrary code execution via SEH overwrite when processing license registration. Affected component: License handling in the application; root cause: buffer overflow in licens...