639 matches found
CVE-2025-31272
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges...
Malicious code in bytedbackground (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab2e307770a6b144edad3254d316375ed3cdad0a56f21438b28bcc0f1a17fcb9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ixosrestinterface (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e2fe4fe4fa9a0b286aec54345ba951ff46306f88ef7f106fa1bd2496e34c7898 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bogus-nydus-op (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc5b423ccd6e29bde31dc5123f2e888f3eaedc3fddf020aab581d2b8e64cc8a8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-5271
pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command e.g., pip, pytest from an attacker-controlled directory, a malicious module in that directory c...
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
CVE-2025-41359 Multiple vulnerabilities in Small HTTP server by Smallsrv
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...
Improper Handling Of Symbolic Links
github.com/argoproj/argo-workflows is vulnerable to Improper Handling Of Symbolic Links. The vulnerability is due to flawed validation in the untar process when resolving symbolic links, which allows an attacker to overwrite critical files such as /var/run/argo/argoexec with a malicious script th...
Malicious code in batch-shipyard (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 83ca35f9b1e5fc77913037dde16ad175609dddc219e613c9dae7f752b112568f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Splunk Enterprise 安全漏洞
Splunk Enterprise is a data collection and analysis software developed by the American company Splunk. There is a security vulnerability in Splunk Enterprise, which stems from issues with the Windows Python module search path. This vulnerability may allow for the execution of malicious code...
CVE-2026-23861
Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...
pfSense 访问控制错误漏洞
pfSense is a network firewall based on FreeBSD Linux. pfSense has an access control vulnerability, which stems from a flaw that may allow execution of malicious code...
CVE-2019-25304 Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\ISS\SecurOS\ to insert malicious code that would execute...
CVE-2019-25288 Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots...
PT-2026-4772
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with...
Malicious code in code-transfering-3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 949a505895a5dcb808074bcddc1a084d12cfadb4b999712b48e012ad455ce817 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MiracleLinux 8 : qt5-qtbase-5.12.5-6.el8, qt5-qttools-5.12.5-2.el8, qt5-qtwebsockets-5.12.5-2.el8 (AXSA:2021-1450:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1450:01 advisory. qt: XML entity expansion vulnerability CVE-2015-9541 qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages...
CVE-2021-22433
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...
CVE-2021-22426
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...
CVE-2021-22434
There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...