61 matches found
TOR Virtual Network Tunneling Tool 0.4.9.9
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
CVE-2026-31943
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained code vulnerabilities. These vulnerabilities stemmed from the fact that testwebhooknotifications.php did not validate the target URL against private IP ranges, which coul...
CVE-2022-50924
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...
CVE-2022-50924
CVE-2022-50924 affects Private Internet Access 3.3, specifically the pia-service unquoted service path. The unquoted path in the service configuration allows a local attacker to inject code that would run with LocalSystem privileges during service startup, enabling potentially arbitrary code exec...
CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...
CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...
Private Internet Access 代码问题漏洞
Private Internet Access PIA is a VPN software from Private Internet Access, Inc. A code issue vulnerability exists in Private Internet Access PIA version 3.3, which stems from the presence of unquoted paths in the service configuration that could lead to the execution of arbitrary code by a local...
PT-2026-2400
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...
CVE-2019-12578
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpnlauncher.64 binary is setuid root. This binary executes /opt/pia/openvpn-64/openvpn, passing the...
CVE-2019-12573
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...
CVE-2019-12577
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS binary openvpnlauncher.64 is setuid root. This binary creates /tmp/piaupscript.sh when executed...
How private is your VPN?
When you're shopping around for a Virtual Private Network VPN you'll find yourself in a sea of promises like "military-grade encryption!" and "total anonymity!" You can’t scroll two inches without someone waving around these fancy terms. But not all VPNs can be trusted. Some VPNs genuinely protec...
GHSA-8FXJ-2G9Q-8FJW Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
EUVD-2019-4172
Malware in sbrugna...
EUVD-2020-7577
Malware in sbrugna...
EUVD-2019-4166
Malware in sbrugna...
EUVD-2019-4165
Malware in sbrugna...
EUVD-2019-4170
Malware in sbrugna...
CVE-2019-12575
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The rootrunner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts t...