EUVD-2025-32007

Malicious code in bioql PyPI...

CVE-2025-41421

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update fi...

Hardcoded credentials

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...

CVE-2021-41848

The CVE-2021-41848 issue affects Luna Simo PPR1.180610.011/202001031830. An attacker with local write access to external storage can supply a spoofed update file containing a shell script and an ARM binary. If processed by /system/bin/osi_bin, this payload can run with the osi SELinux domain as r...

CVE-2021-30110

dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates...

Microsoft Details Flame Hash-Collision Attack

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running...