CVE-2026-3508

An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash BSOD via a read size that exceeds the buffer size.Refer to the ' Security Update for MyASUS ' section on the ASUS Security Advisory for more information...

CVE-2026-3508

The CVE-2026-3508 entry describes an Out-of-bounds Read in the IOCTL handler of ASUS System Control Interface. This allows a local user to trigger a system crash (BSOD) by issuing a read size larger than the internal buffer. Affected component: IOCTL handling within ASUS System Control Interface;...

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS...

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS...

EUVD-2025-199530

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

ASUS MyASUS 安全漏洞

ASUS MyASUS is an official ASUS PC application from Asus China Inc. A security vulnerability exists in ASUS MyASUS, which originates from a recovery mechanism elevation of privilege that could result in arbitrary files being executed with SYSTEM privileges...

ASUS MyASUS Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AsusSwitchAgent...

EUVD-2025-22065

Malicious code in bioql PyPI...

EUVD-2022-27957

Malicious code in bioql PyPI...

EUVD-2025-22064

Malicious code in bioql PyPI...

CVE-2025-4569

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4570

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4569

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4570

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4570

The CVE-2025-4570 entry concerns ASUS MyASUS and insecure storage of sensitive keys, potentially allowing an unauthorized actor to obtain a token for communicating with certain services. Connected records reiterate the insecure key storage and token leakage, but provide limited technical detail (...

CVE-2025-4570

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4570

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4569

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4569

An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information...

CVE-2025-4569

CVE-2025-4569 affects ASUS MyASUS. The issue is an insecure sensitive key storage bug that could allow an unauthenticated actor to obtain a token used to access certain services. CVSSv4.0 vector indicates network attack with low complexity, no privileges required, and high impact on confidentiali...