63 matches found

NVD
added 2026/04/23 10:16 p.m. · 4 views

CVE-2026-26210

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...

CVSS 9.8 · EPSS 0.00162
Exploits 1 · References 3
Snyk
added 2026/03/03 11:0 p.m. · 1 views

Arbitrary Code Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Arbitrary Code Injection via the transform module path resolution process. An attacker can execute arbitrary JavaScript code with gateway-process privileges by causing a symlinked entry t...

CVSS 7.3 · AI score 6
Exploits 0 · References 2
Cvelist
added 2026/02/04 7:32 p.m. · 24 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 · EPSS 0.00014
Exploits 0 · References 2
EUVD
added 2026/01/10 5:43 a.m. · 2 views

EUVD-2026-1873

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVSS 8.8 · AI score 6.7 · EPSS 0.00031
Exploits 0 · References 3
EUVD
added 2025/12/10 6:30 p.m. · 2 views

EUVD-2025-202439

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVSS 8.5 · AI score 6.9 · EPSS 0.00007
Exploits 0 · References 4
NVD
added 2025/12/10 4:16 p.m. · 3 views

CVE-2025-34422

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVSS 8.5 · EPSS 0.00007
Exploits 0 · References 3
Vulnrichment
added 2025/12/10 4:7 p.m. · 1 views

CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

CVSS 8.5 · AI score 7 · EPSS 0.00007
Exploits 0 · References 3
Positive Technologies
added 2025/11/12 12:0 a.m. · 2 views

PT-2025-46731

Name of the Vulnerable Software and Affected Versions: TEC-IT TBarCode version 11.15. Description: The TBarCode11.ocx ActiveX/OCX control in version 11.15 has a flaw in its licensing handling, which relies on INI-files. This can be exploited to remotely create files on the host filesystem. Depending...

CVSS 6.9 · AI score 7.1 · EPSS 0.00118
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-10439

Malware in sbrugna...

CVSS 7.5 · AI score 8 · EPSS 0.00087
Exploits 0 · References 12
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2002-1980

Malware in sbrugna...

CVSS 2.1 · AI score 6.4 · EPSS 0.00182
Exploits 0 · References 4
Veracode
added 2025/09/10 6:0 a.m. · 5 views

Command Injection

screenshot-desktop is vulnerable to command injection. The vulnerability is due to unsanitized user-controlled input being passed into the format option of the screenshot function, which allows an attacker to execute arbitrary commands with the privileges of the calling process...

CVSS 9.8 · AI score 7.7 · EPSS 0.00604
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2025/06/13 9:30 a.m. · 9 views

Salt's on demand pillar functionality vulnerable to arbitrary command injections

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process...

CVSS 6.7 · AI score 6.6 · EPSS 0.0011
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2025/05/22 4:12 p.m. · 5 views

CVE-2020-23060

Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file...

CVSS 7.1 · AI score 7.7 · EPSS 0.0005
Exploits 1
RedhatCVE
added 2025/05/22 3:27 p.m. · 7 views

CVE-2020-28967

FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers...

CVSS 9 · AI score 7.6 · EPSS 0.00581
Exploits 1
RedhatCVE
added 2025/05/21 6:43 p.m. · 4 views

CVE-2002-2000

ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data...

CVSS 2.1 · AI score 6.8 · EPSS 0.00182
Exploits 0 · References 1
Positive Technologies
added 2023/09/26 12:0 a.m. · 3 views

PT-2023-26521 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14. Description: An access issue was addressed with additional sandbox restrictions. A sandboxed process may be able to circumvent sandbox restrictions. Recommendations: For versions prior to 14, update to macOS Sonoma ...

CVSS 10 · AI score 8.5 · EPSS 0.00399
Exploits 0 · References 7
Prion
added 2023/09/21 2:15 p.m. · 14 views

Hardcoded credentials

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options”. The communication with this server is done using...

CVSS 6.5 · AI score 9.4 · EPSS 0.00072
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/04/18 4:15 p.m. · 18 views

Design/Logic Flaw

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized...

CVSS 2.4 · AI score 6.2 · EPSS 0.00053
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/02/14 12:0 a.m. · 1 views

Siemens Solid Edge Resource Management Error Vulnerability

Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. A memory misreference vulnerability exists in Siemens Solid Edge. An attacker can exploit this vulnerability by parsing...

CVSS 7.8 · AI score 7.2 · EPSS 0.00167
Exploits 0 · References 3
ATTACKERKB
added 2022/11/12 5:15 a.m. · 0 views

CVE-2022-38650

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server proces...

CVSS 10 · AI score 6.1 · EPSS 0.00619
Exploits 0 · References 2