RUSTSEC-2025-0139 theshit vulnerable to unsafe loading of user-owned Python rules when running as root

The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...

EUVD-2025-202416

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...

CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

PT-2025-45507

Name of the Vulnerable Software and Affected Versions Revenera InstallShield versions 2023 R2 through 2025 R1 Description A potential Denial of Service issue exists in Revenera InstallShield. When a local administrator performs an uninstall, a symbolic link may be followed during the removal of a...

EUVD-2019-3199

Malware in sbrugna...

EUVD-2017-6227

Malware in sbrugna...

EUVD-2020-3445

Malware in sbrugna...

EUVD-2021-21066

Malware in sbrugna...

EUVD-2021-21067

Malware in sbrugna...

EUVD-2017-8102

Malware in sbrugna...

EUVD-2025-27560

Malicious code in bioql PyPI...

EUVD-2022-31046

Malicious code in bioql PyPI...

EUVD-2024-48686

Malicious code in bioql PyPI...

EUVD-2025-22805

Malicious code in bioql PyPI...

CVE-2025-10198

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories...

CVE-2025-10198

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the DLL loading process. An attacker can execute arbitrary code by placing a malicious DLL in a user-writable directory that is included in the system PATH. Remediation Upgrade LizardByte/Sunshine to...

CVE-2025-10198 LizardBytes Sunshine for Windows contains a DLL search-order hijacking vulnerability

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories...

PT-2025-36904

Name of the Vulnerable Software and Affected Versions: Sunshine for Windows version v2025.122.141614 Description: Sunshine for Windows version v2025.122.141614 contains a DLL search-order hijacking vulnerability. This allows attackers to insert a malicious DLL into user-writable PATH directories...

Linux Distros Unpatched Vulnerability : CVE-2017-16933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privilege...