EUVD-2025-121383
Malicious code in terser-webpack-plugin-csv-transform-native npm...
Intel Processor Identification Utility security vulnerability
Intel Processor Identification Utility is a processor identification utility from Intel Corporation USA. The program supports the display of graphics information, chipset information, processor supported technologies, and other information. A security vulnerability exists in Intel Processor...
Intel System Support Utility for Windows code issue vulnerability
Intel System Support Utility for Windows is a Windows platform-based system support utility from Intel Corporation USA. The program is mainly used to identify the hardware model, operating system version, and software installed on the computer. A code issue vulnerability exists in Intel System...
Intel CIP code issue vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from an uncontrolled search path, which can be exploited by an attacker to cause elevation of...
EUVD-2017-15957
Malware in sbrugna...
Salesforce Tableau Server and Salesforce Tableau Desktop security vulnerability
Salesforce Tableau Server and Salesforce Tableau Desktop are both products of Salesforce, Inc. Salesforce Tableau Server is a data visualization and analytics platform. Salesforce Tableau Desktop is a business intelligence software. A security vulnerability exists in Salesforce Tableau Server and...
N-able N-central security vulnerability
N-able N-central is an RMM platform from N-able Canada Inc. that provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.3.1 that stems from the fact that...
Helm code injection vulnerability
Helm is a Kubernetes package manager from the CNCF Foundation. A code injection vulnerability exists in Helm versions prior to 3.18.4 that stems from specially crafted Chart.yaml and Chart.lock files that could lead to native code execution...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 139, Firefox ESR versions prior to 115.24, and Firefox ESR versions prior to 128.11, which stems from insufficient escaping of line...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 139 and Firefox ESR versions prior to 128.11, which stems from insufficient escaping of the & symbol in the Copy as cURL feature,...
Mozilla Firefox ESR security vulnerability
Mozilla Firefox ESR is an extended support release of Firefox web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox ESR versions prior to 128.10 and prior to 115.23, which stems from insufficient escaping of special characters by the copy...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 138, which stems from an insufficient escaping of special characters by the copy as cURL feature, which could lead to native code...
BasicSR security vulnerability
BasicSR is an open source image and video recovery toolkit from XPixelGroup Open Source. A security vulnerability exists in XPixelGroup BasicSR 1.4.2 and earlier versions that stems from a vulnerability that could allow native code execution under certain circumstances...
Rizin security vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
Rizin security vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
Lorex 2K Indoor Wi-Fi Security Camera security vulnerability
Lorex 2K Indoor Wi-Fi Security Camera is a series of security cameras from Lorex Canada. A security vulnerability previously existed in Lorex 2K Indoor Wi-Fi Security Camera version 2.800.0000000.8.R.20241111. An attacker exploiting this vulnerability could execute arbitrary operating system...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code of com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly in com_android_internal_os_ZygoteCommandBuffer.cpp is caused ...
Code Injection
pkg is vulnerable to Code Injection. The vulnerability is due to the use of a hardcoded directory /tmp/pkg/ for native code packages, which is shared among all users on the same local system without unique or unpredictable package names, enabling attackers to replace genuine executables with...
CVE-2024-24828
pkg is a tool designed to bundle Node.js projects into an executable. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...
CVE-2024-24828
CVE-2024-24828 describes a local privilege escalation in the Node.js tool pkg. The vulnerability arises because native-code packages built by pkg are written to a hardcoded, shared directory (/tmp/pkg/) on UNIX-like systems with non-unique, predictable names. An attacker with access to the same l...