22 matches found

RedhatCVE
added 2026/04/29 8:48 p.m. | 1 view

CVE-2025-10539

Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...

CVSS: 4.8 | AI score: 6.3 | EPSS: 0.00041
Exploits: 2 | References: 1
EUVD
added 2026/03/30 9:31 p.m. | 3 views

EUVD-2026-17162

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.0327
Exploits: 2 | References: 2
NVD
added 2026/03/30 7:16 p.m. | 10 views

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVSS: 7.8 | EPSS: 0.0327
Exploits: 2 | References: 3
ATTACKERKB
added 2026/03/30 6:5 p.m. | 4 views

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.0327
Exploits: 2 | References: 2 | Affected Software: 1
CVE
added 2026/03/30 6:5 p.m. | 45 views

CVE-2026-3502

The CVE-2026-3502 issue affects TrueConf Client where the update payload is downloaded and installed without integrity verification, allowing an attacker who controls the update path to substitute a tampered payload and potentially achieve arbitrary code execution in the updater process or user c...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.0327
In wild | Exploits: 2 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/30 12:0 a.m. | 1 view

PT-2026-29097

Name of the Vulnerable Software and Affected Versions: TrueConf versions 8.1.0 through 8.5.2. Description: TrueConf Client downloads application update code and applies it without performing integrity or authenticity verification. An attacker capable of influencing the update delivery path, such as ...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.0327
Exploits: 2 | References: 89
OSV
added 2026/01/05 5:29 p.m. | 2 views

MAL-2026-52 Malicious code in celium-collateral-upgrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adea9a91926d593420b0d9d07dd66bc5656bb42bf3735074a3f33533800a79dc This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

AI score: 7.4
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-9854

Malware in sbrugna...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00212
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-1960

Malicious code in bioql PyPI...

CVSS: 5.7 | AI score: 6.5 | EPSS: 0.00143
Exploits: 0 | References: 2
NVD
added 2025/03/22 7:15 a.m. | 11 views

CVE-2025-1311

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS: 6.5 | EPSS: 0.00087
Exploits: 0 | References: 4
NVD
added 2025/02/21 1:15 a.m. | 7 views

CVE-2025-1001

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate, which could allow an attacker to alter network traffic and carry out a machine-in-the-middle (MITM) attack. An attacker could modify the server's response and deliver a...

CVSS: 5.7 | EPSS: 0.00013
Exploits: 0 | References: 2
Microsoft KB
added 2024/11/12 12:0 a.m. | 3 views

.NET 8.0 Update - November 12, 2024 (KB5047489)

.NET 8.0 Update - November 12, 2024 (KB5047489). .NET 8.0 has been refreshed with the latest update as of November 12, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages. .NET 8.0 servicing updates are upgrades. The latest servicing...

AI score: 6.8
Exploits: 0
Microsoft KB
added 2021/11/09 12:0 a.m. | 8 views

November 9, 2021 Servicing Stack Update (KB5007349)

November 9, 2021 Servicing Stack Update (KB5007349). NEW 11/9/2021 IMPORTANT: Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release known as ...

AI score: 6.9
Exploits: 0
Tenable Nessus
added 2019/09/10 12:0 a.m. | 54 views

KB4516068: Windows 10 Version 1703 September 2019 Security Update

The remote Windows host is missing security update 4516068. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.44847
Exploits: 10 | References: 55
Tenable Nessus
added 2019/09/10 12:0 a.m. | 48 views

KB4516058: Windows 10 Version 1803 September 2019 Security Update

The remote Windows host is missing security update 4516058. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.44847
Exploits: 10 | References: 57
Kaspersky
added 2019/09/10 12:0 a.m. | 73 views

KLA11552 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, spoof user interface, execute arbitrary code, bypass security restrictions. Below is a complete list of...

CVSS: 9.3 | AI score: 10 | EPSS: 0.35463
Exploits: 9 | References: 65
Prion
added 2017/10/13 1:29 p.m. | 18 views

Privilege escalation

Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.02283
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2017/10/13 1:0 p.m. | 20 views

CVE-2017-11829

Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions...

AI score: 7.3 | EPSS: 0.02283
Exploits: 0 | References: 3
CNVD
added 2017/10/11 12:0 a.m. | 3 views

Microsoft Windows Update Delivery Optimization Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Windows Update Delivery Optimization in Microsoft Windows, which originates when the program fails to enforce file sharing permissions. A local attacker...

CVSS: 5.5 | AI score: 7 | EPSS: 0.02283
Exploits: 0 | References: 1
Kaspersky
added 2017/10/10 12:0 a.m. | 190 views

KLA11111 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...

CVSS: 10 | AI score: 9.4 | EPSS: 0.65606
Exploits: 14 | References: 51