25 matches found
CVE-2026-14018
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-13844
CVE-2026-13844 describes a use-after-free flaw in the Google Chrome Updater on Windows, before version 150.0.7871.47, enabling a local attacker to achieve OS-level privilege escalation via a malicious file. Affected software: Google Chrome and its Updater components on Windows. Root cause: use-af...
PT-2026-54104
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 150.0.7871.47. Description: A use after free issue exists in the Updater component of Google Chrome on Mac. This flaw allows a local attacker to achieve privilege escalation by utilizing a malicious file. Use afte...
CVE-2025-23114
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...
CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
Google Chrome < 143.0.7499.40 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 143.0.7499.40. It is, therefore, affected by multiple vulnerabilities as referenced in the 202512stable-channel-update-for-desktop advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41...
EUVD-2016-6204
Malware in sbrugna...
EUVD-2023-53943
Malicious code in bioql PyPI...
The vulnerability of the Updater component of the Google Chrome browser, which allows a hacker to escalate their privileges.
The vulnerability of the Updater component in Google Chrome relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to escalate their privileges by sending a specially crafted malicious file...
CVE-2024-27460
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below...
CVE-2024-27460
CVE-2024-27460 affects HP Plantronics Hub up to version 3.25.1, including the updater component. The Red Hat/NVD entries confirm a privilege-escalation vulnerability in the Plantronics Hub updater that can be triggered by a low-privileged user. Public PoCs and exploit listings describe an Arbitra...
CVE-2023-52094
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...
The vulnerability of the Updater service in Parallels Desktop hypervisor allows a hacker to execute arbitrary code and increase their privileges.
The vulnerability of the Updater service in Parallels Desktop is caused by incorrect resolution of a link before accessing the file. Exploiting this vulnerability can allow an attacker to elevate privileges and execute arbitrary code within the root context...
SUSE CVE-2016-5293
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...
CVE-2022-28944
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
Remote code execution
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
CVE-2019-17009
When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other...
Haystack Arq for Mac Local Elevation of Privilege Vulnerability
Haystack Arq for Mac is a Mac-based file backup software from Haystack Software, USA. The auto-updater binary is one of the auto-updater components. A security vulnerability exists in the arqupdater binary in Haystack Arq 5.10 and earlier versions for Mac. A local attacker can exploit the vulnerabili...