25 matches found
pyLoad Security Vulnerability
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API method, which allowed options related to proxies to be included in the list. This could allow any...
CVE-2026-6357
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python module names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
CVE-2026-31457
The CVE-2026-31457 entry describes a Linux kernel vulnerability in DAMON (mm/damon/sysfs) where damon_sysfs_repeat_call_fn() dereferences contexts_arr[0] when nr_contexts is set to 0 via sysfs, due to a missing check on contexts->nr. This can occur while DAMON is running and cause a NULL point...
ASUS Member Center Security Vulnerability
ASUS Member Center is a membership management and service platform provided by ASUS Corporation in China. There is a security vulnerability in ASUS Member Center. This vulnerability stems from time checks in the update module and usage race conditions, which may lead to privilege escalation...
Minor update for Vivaldi Desktop 7.7
The following improvements were made since the initial 7.7 stable release: About: Show "Checking update" during check (VB-121417); Chromium: Update to 142.0.7444.180, incl. CVE-2025-10200; Crash: Occasionally on window activation (VB-121890); Crash, Address field, macOS: When I type certain word...
EUVD-2010-0150
Malware in sbrugna...
CVE-2024-32488
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there...
CVE-2020-28190
TerraMaster TOS = 4.2.06 was found to check for updates of both system and applications via an insecure channel HTTP. Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates...
PT-2024-23170 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a. Description: The issue allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the...
Virtuozzo Hybrid Infrastructure 6.1 Hotfix 1 (6.1.0-247)
In this release, Virtuozzo Hybrid Infrastructure enables selective updates of specific Kubernetes node groups, as well as provides stability and performance improvements. Vulnerability id: VSTOR-83526 Cannot filter backup plans by using the "Disabled" status. Vulnerability id: VSTOR-83662 Added...
MOXA NPort 5000 Series Security Breach
The MOXA NPort 5000 Series is a series of general-purpose device servers from China-based MOXA. A security vulnerability exists in the MOXA NPort 5000 Series that stems from insufficient checking for firmware updates or upgrades, allowing an attacker to manipulate the firmware and take control of...
K45435121: DNS Express vulnerability CVE-2018-5538
Security Advisory Description: On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to...
CVE-2022-1791
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check...
WordPress plugin One Click Plugin Updater Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-22786
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading...
Rhinode Trading Paints Security Vulnerability
Rhinode Trading Paints is used by Rhinode USA to add customized car paint to iRacing. A security vulnerability exists in Rhinode Trading Paints versions prior to 2.0.36, which stems from the fact that TP Updater.exe uses plaintext HTTP to check for and request updates. As a result, an attacker...