ROS-20260120-7335
A vulnerability in the bpfprogram function of the driver drivers/net/ppp/ppp_generic.c of the Linux kernel is related to the use of an uninitialized pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
On December 10th, 2025, we received a submission for a Privilege Escalation vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000+ active installations. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...
CVE-2025-14235
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06....
CVE-2021-47807
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001565)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001565 advisory. In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attac...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004124)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004124 advisory. A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and...
CVE-2021-47810
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES X86\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and...
CVE-2021-47807 Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...
CVE-2021-47807
CVE-2021-47807 affects Sync Breeze 13.6.18, where an unquoted Windows service path in the program files directory allows a local attacker to inject a malicious executable and escalate privileges. The vulnerability stems from the unquoted service path in the service configuration, enabling local e...
CVE-2020-36930
The CVE-2020-36930 vulnerability affects SysGauge Server 7.9.18, caused by an unquoted service path in the binary path configuration (C:\Program Files\SysGauge Server\bin\sysgaus.exe). Local attackers could exploit this to inject malicious executables and escalate privileges. Exploitation details...
CVE-2020-36928
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBAAgentClient service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions...
Your VMDR Year in Review: Making Security Progress Visible and Actionable
Security Teams Rarely Stop to Reflect. When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...
PT-2026-3177
Name of the Vulnerable Software and Affected Versions: Sync Breeze version 13.6.18. Description: Sync Breeze version 13.6.18 contains a security issue due to an unquoted service path in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The issue...
vert.x security vulnerability
Vert.x is an open-source toolkit developed by Eclipse Vert.x. There is a security vulnerability in Vert.x, which stems from improper implementation of the static program cache. This vulnerability could be exploited by specially crafted request URIs, leading to denial-of-service attacks against...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002530)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002530 advisory. Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...
MAL-2026-252 Malicious code in solana-program (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b7f4afe6d0bf016660b9bcd20e900d4d0504af8c3ac7f7dc69f20229ebcddb21 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in solana-program (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b7f4afe6d0bf016660b9bcd20e900d4d0504af8c3ac7f7dc69f20229ebcddb21 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-2661
Malicious code in solana-program PyPI...