CVE-2026-28338 PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...

CVE-2026-23763

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

CVE-2026-23763

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

CVE-2026-23762

CVE-2026-23762 affects VB-Audio Voicemeeter, Voicemeeter Banana, Voicemeeter Potato (and Matrix variants) with vulnerable virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, vbaudio_vmvaio3*.sys). The flaw maps non-paged pool memory i...

CVE-2026-23763 VB-Audio Matrix Drivers Local Privilege Escalation via Kernel Memory Exposure

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

CVE-2026-23763

VB-Audio Matrix and Matrix Coconut contain a local privilege escalation in the VBMatrix VAIO virtual audio driver (vbmatrixvaio64*_win10.sys) for versions ending in 1.0.2.2 and 2.0.2.2 and earlier. The driver allocates a 128-byte non-paged pool buffer; on IOCTL 0x222060 it maps that buffer into u...

CVE-2026-23763 VB-Audio Matrix Drivers Local Privilege Escalation via Kernel Memory Exposure

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

CVE-2026-23763

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

VB-Audio Matrix security vulnerabilities

VB-Audio Matrix is a real-time audio routing software developed by the French company VB-Audio. Versions of VB-Audio Matrix 1.0.2.2 and earlier, as well as 2.0.2.2 and earlier versions, contain security vulnerabilities. These vulnerabilities stem from the VBMatrix VAIO virtual audio driver, where...

PT-2026-3953

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64 win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOC...

EUVD-2008-0498

Malware in sbrugna...

Malicious code in jingtong-vb-heike-biancheng (npm)

The package jingtong-vb-heike-biancheng was found to contain malicious code...

MAL-2025-44787 Malicious code in jingtong-vb-heike-biancheng (npm)

The package jingtong-vb-heike-biancheng was found to contain malicious code...

MAL-2025-10560 Malicious code in @zalastax/nolb-_vb (npm)

The package @zalastax/nolb-vb was found to contain malicious code...

Malicious code in @zalastax/nolb-_vb (npm)

The package @zalastax/nolb-vb was found to contain malicious code...

CVE-2025-8155

A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest leads to cross site scripting. The attack can...

D-Link DCS-6010L 代码注入漏洞

The D-Link DCS-6010L is a webcam from China AUO D-Link. A code injection vulnerability exists in the D-Link DCS-6010L version 1.15.03, which stems from cross-site scripting due to incorrect manipulation of the parameter paratest in the file /vb.htm in the management application component...

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

A new attack campaign dubbed CLOUDREVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUDREVERSER inherently involves command-and-control-like activities by using Google...

Remcos RAT Spreading Through Adult Games in New Attack Wave

The remote access trojan RAT known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download, and share files in the country. While webhards...

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT By Jonell Baltazar and Antonio Ribeiro · August 10, 2023 Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool called NetSupport Manager...