Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-114 (ALASECS-2026-114)

The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-114 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

CVE-2026-44406

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since...

CVE-2026-44406

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since...

PT-2026-38346

Name of the Vulnerable Software and Affected Versions ZTE Cloud PC client uSmartView affected versions not specified Description ZTE Cloud PC client uSmartView is subject to a DLL hijacking issue. Because the uSmartViewServiceAgent.exe process runs with SYSTEM privileges, a successful attack allo...

CVE-2026-7461

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence AI agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to...

CVE-2025-13751

A flaw was found in OpenVPN. This vulnerability allows a local denial of service via a local authenticated user connecting to the interactive service agent on Windows and triggering an error. Mitigation Mitigation for this issue is either not available or the currently available options do not me...

CVE-2025-12952

A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...

CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role

A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...

ALPINE-CVE-2025-13751

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7alpha1 through 2.7rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service...

CVE-2025-13751

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7alpha1 through 2.7rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service...

CVE-2025-13751

CVE-2025-13751 affects OpenVPN on Windows, specifically the Interactive Service Agent. The vulnerability arises from mishandling of an Interactive Service Proxy error, allowing a local authenticated user to connect to the service and trigger an error that results in a local denial of service. Aff...

EUVD-2017-16824

Malware in sbrugna...

EUVD-2007-0323

Malware in sbrugna...

EUVD-2017-5942

Malware in sbrugna...

EUVD-2017-5941

Malware in sbrugna...

net: dsa: improve shutdown sequence

...

CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVE-2025-34160

CVE-2025-34160 affects AnyShare via the ServiceAgent API exposed on port 10250. The endpoint "/api/ServiceAgent/start_service" accepts POST input and fails to sanitize command-like payloads, enabling unauthenticated remote code execution (RCE) when an attacker injects shell syntax that is execute...