225 matches found

EUVD
added 2 days ago, 6 views

EUVD-2026-33642

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker to access the FTP server that hosted the application's update packages. An attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00061
Exploits: 0, References: 2

CNVD
added 2026/05/07 12:0 a.m., 2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-20008)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to properly preserve the OPENCLAWRuntime Control Environment namespace in the workspace dotenv file, which can be exploited by an attacker to manipula...

CVSS: 8.5, AI score: 5.8, EPSS: 0.00022
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in firefox

A use-after-free crash could occur on macOS if a Firefox update was applied to a heavily utilized system. This could lead to an exploitable crash. This vulnerability affects Firefox versions earlier than 122...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00121
Exploits: 0, References: 1

Vulnrichment
added 2026/04/16 2:0 a.m., 0 views

CVE-2026-1880

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...

CVSS: 5.4, AI score: 6, EPSS: 0.00007
Exploits: 1, References: 1

CVE
added 2026/04/16 2:0 a.m., 11 views

CVE-2026-1880

The CVE-2026-1880 entry concerns an Incorrect Permission Assignment for a Critical Resource in the ASUS DriverHub update process. The vulnerability arises from improper protection of required execution resources during the validation phase, enabling a local user to make unprivileged modifications...

CVSS: 5.4, AI score: 6, EPSS: 0.00007
Exploits: 1, References: 1

EUVD
added 2026/04/16 2:0 a.m., 2 views

EUVD-2026-23155

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...

CVSS: 5.4, AI score: 6, EPSS: 0.00007
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/16 2:0 a.m., 1 views

CVE-2026-1880

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...

CVSS: 5.4, AI score: 6, EPSS: 0.00007
Exploits: 1, References: 2

Positive Technologies
added 2026/04/16 12:0 a.m., 0 views

PT-2026-33244

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...

CVSS: 5.4, AI score: 6, EPSS: 0.00007
Exploits: 1, References: 1

EUVD
added 2026/03/31 1:28 p.m., 2 views

EUVD-2026-17413

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVSS: 7.2, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 3

Debian CVE
added 2026/03/31 1:28 p.m., 2 views

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVSS: 7.2, AI score: 5.4, EPSS: 0.00018
Exploits: 0

Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29250

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVSS: 7.2, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 4

NVD
added 2026/02/27 5:18 a.m., 2 views

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

CVSS: 7.8, EPSS: 0.0001
Exploits: 1, References: 4

CVE
added 2026/02/27 4:28 a.m., 6 views

CVE-2026-1442

CVE-2026-1442 describes a vulnerability in Unitree firmware update protection where the algorithm used to protect firmware updates is itself encrypted with key material accessible to an attacker. This could allow an unauthorized user to alter firmware updates and have them trusted by Unitree prod...

CVSS: 7.8, AI score: 5.4, EPSS: 0.0001
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2026/01/20 12:0 a.m., 0 views

Chainlit code issue vulnerabilities

Chainlit is an open-source large-scale dialogue interface framework developed by Chainlit. Versions of Chainlit prior to 2.9.4 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of URL parameters during the update process for projects/elements, which could lead t...

CVSS: 8.3, AI score: 6.1, EPSS: 0.00052
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Korenix JetNet Improper Verification of Cryptographic Signature (CVE-2023-5347)

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. This plugin only works with Tenable.ot...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00173
Exploits: 3, References: 9

CNNVD
added 2026/01/15 12:0 a.m., 1 views

Arcane operating system command injection vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.13.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the update process, where command injection was possible, potentially allowing for t...

CVSS: 9, AI score: 6, EPSS: 0.00042
Exploits: 6, References: 4

Snyk
added 2026/01/13 8:28 p.m., 3 views

Arbitrary Command Injection

Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitization of user-supplied packageName in the generateLockFile function of npm manager. An attacker can execute arbitrary commands on the host system b...

CVSS: 8.4, AI score: 7.7
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 9:59 a.m., 5 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

CVSS: 7.6, AI score: 7, EPSS: 0.00248
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 8:33 a.m., 2 views

CVE-2024-39872

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate...

CVSS: 9.9, AI score: 6.9, EPSS: 0.00478
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:37 a.m., 5 views

CVE-2019-7323

GUP generic update process in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00245
Exploits: 1, References: 1