
28872 matches found

CVE
added 2026/01/15 11:25 p.m. | 5 views

CVE-2021-47807

CVE-2021-47807 affects Sync Breeze 13.6.18, where an unquoted Windows service path in the program files directory allows a local attacker to inject a malicious executable and escalate privileges. The vulnerability stems from the unquoted service path in the service configuration, enabling local e...

8.5 CVSS | 7 AI score | 0.00007 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/01/15 11:25 p.m. | 6 views

CVE-2020-36930

The CVE-2020-36930 vulnerability affects SysGauge Server 7.9.18, caused by an unquoted service path in the binary path configuration (C:\Program Files\SysGauge Server\bin\sysgaus.exe). Local attackers could exploit this to inject malicious executables and escalate privileges. Exploitation details...

8.5 CVSS | 7 AI score | 0.00007 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/01/15 11:25 p.m. | 2 views

CVE-2020-36928

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBAAgentClient service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions...

8.5 CVSS | 5.7 AI score | 0.00006 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Qualys Blog
added 2026/01/15 5:58 p.m. | 4 views

Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect. When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...

7 AI score
Exploits: 0
CNNVD
added 2026/01/15 12:0 a.m. | 1 views

vert.x security vulnerability

Vert.x is an open-source toolkit developed by Eclipse Vert.x. There is a security vulnerability in Vert.x, which stems from improper implementation of the static program cache. This vulnerability could be exploited by specially crafted request URIs, leading to denial-of-service attacks against...

6.9 CVSS | 6.6 AI score | 0.00025 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002530)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002530 advisory. Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...

6.2 CVSS | 7 AI score | 0.00032 EPSS
Exploits: 0 | References: 21
Positive Technologies
added 2026/01/15 12:0 a.m. | 2 views

PT-2026-3177

Name of the Vulnerable Software and Affected Versions: Sync Breeze version 13.6.18. Description: Sync Breeze version 13.6.18 contains a security issue due to an unquoted service path in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The issue...

8.5 CVSS | 7.5 AI score | 0.00007 EPSS
Exploits: 1 | References: 6
OSV
added 2026/01/14 12:5 p.m. | 4 views

MAL-2026-252 Malicious code in solana-program (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7f4afe6d0bf016660b9bcd20e900d4d0504af8c3ac7f7dc69f20229ebcddb21 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.4 AI score
Exploits: 0 | References: 1
EUVD
added 2026/01/14 12:5 p.m. | 3 views

EUVD-2026-2661

Malicious code in solana-program PyPI...

6.6 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/01/14 12:5 p.m. | 5 views

Malicious code in solana-program (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7f4afe6d0bf016660b9bcd20e900d4d0504af8c3ac7f7dc69f20229ebcddb21 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.5 AI score
Exploits: 0 | References: 1
NVD
added 2026/01/13 11:15 p.m. | 2 views

CVE-2022-50901

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that woul...

8.5 CVSS | 0.0002 EPSS
Exploits: 1 | References: 3
CVE
added 2026/01/13 10:51 p.m. | 6 views

CVE-2022-50902

The CVE-2022-50902 entry concerns Wondershare FamiSafe 1.0, where the FSService has an unquoted service path at C:\Program Files (x86)\Wondershare\FamiSafe, enabling local users to potentially execute code with LocalSystem privileges during service startup. Connected documents confirm the affecte...

8.5 CVSS | 6.6 AI score | 0.00041 EPSS
Exploits: 0 | References: 3
OSV
added 2026/01/13 4:16 p.m. | 0 views

UBUNTU-CVE-2025-68808

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership. vidtv_channel_si_init creates a temporary list program, service, event and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through...

5.7 AI score | 0.00068 EPSS
Exploits: 0 | References: 37
ICS
added 2026/01/13 8:0 a.m. | 1 views

Schneider Electric EcoStruxure Power Build Rapsody (Update A)

GENERAL SECURITY RECOMMENDATIONS: We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

6.9 AI score
Exploits: 0 | References: 11
Positive Technologies
added 2026/01/13 12:0 a.m. | 2 views

PT-2026-2361

Name of the Vulnerable Software and Affected Versions: Splashtop version 8.71.12001.0. Description: The software contains an unquoted service path vulnerability within the Splashtop Software Updater Service. This allows local attackers to potentially execute arbitrary code. The vulnerability exists...

8.5 CVSS | 6.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 5
Fedora
added 2026/01/12 12:56 a.m. | 4 views

[SECURITY] Fedora 43 Update: musescore-4.6.5-32.fc43

MuseScore is a free cross platform WYSIWYG music notation program. Some highlights: WYSIWYG, notes are entered on a "virtual note sheet" Unlimited number of staves Up to four voices per staff Easy and fast note entry with mouse, keyboard or MIDI Integrated sequencer and FluidSynth software...

7.5 CVSS | 6.8 AI score | 0.00029 EPSS
Exploits: 1
OSV
added 2026/01/09 2:5 p.m. | 2 views

OESA-2026-1012 unrtf security update

UnRTF is a command-line program written in C which converts documents in Rich Text Format .rtf to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: Changes in the text's font, size, weight bold, and slant italic Underlines and...

6.2 CVSS | 6.8 AI score | 0.0004 EPSS
Exploits: 2 | References: 2
RedhatCVE
added 2026/01/09 12:51 p.m. | 4 views

CVE-2014-4945

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view...

4.3 CVSS | 5.9 AI score | 0.00516 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:50 p.m. | 6 views

CVE-2014-4946

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view...

4.3 CVSS | 5.9 AI score | 0.00475 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:33 p.m. | 1 views

CVE-2023-31468

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...

7.8 CVSS | 6.9 AI score | 0.00094 EPSS
Exploits: 4 | References: 1