36 matches found
PT-2026-41321
Tabby (formerly Terminus) is a highly configurable terminal emulator. Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
PT-2026-27472
Name of the Vulnerable Software and Affected Versions: IDrive (affected versions not specified) Description: The id_service.exe process operates with elevated privileges and routinely reads files located in the C:\ProgramData\IDrive directory. These files, encoded in UTF16-LE, are used as...
CVE-2008-7196
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability...
CVE-2019-20362
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILESX86%\Teradici\PCoIP.exe instead of the intended pcoipvchanprintingsvc.exe file...
EUVD-2021-10086
Malware in sbrugna...
EUVD-2007-2324
Malware in sbrugna...
EUVD-2021-0621
Malware in sbrugna...
EUVD-2008-7155
Malware in sbrugna...
EUVD-2017-7292
Malware in sbrugna...
CVE-2025-48390
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. Backtick characters are not removed, and tab characters are not removed either. When checking us...
CVE-2021-43456
An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path...
USN-7488-1 python vulnerabilities
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...
CVE-2024-45262
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path...
Security vulnerability in multiple GL.iNet products
GL.iNet MT3000 and others are products of China's GL.iNet. GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol. GL.iNet AX1800 is a wireless router. GL.iNet AXT1800 is a router. A security vulnerability exists in several GL.iNet products. An attacker can exploit the...
PT-2023-30911 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.8.13 Description: Jellyfin is a system for managing and streaming media. The /System/MediaEncoder/Path endpoint executes an arbitrary file using ProcessStartInfo via the ValidateVersion function. A malicious...
SUSE CVE-2021-28955
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations most often seen on Windows...
PT-2022-26318
Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 6.17 Description: The pgAdmin server includes an HTTP API intended to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This API is used to determine the PostgreSQL versi...
CVE-2022-29549
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks, e.g., a checksum comparison against known legitimate...
OESA-2022-1803 qt5-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. CVE-2022-25255...
CVE-2022-24286
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general...