413 matches found
CVE-2026-8920
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
CVE-2026-8920
The vulnerability CVE-2026-8920 concerns ASUS Aura Wallpaper Service. It describes Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path, enabling a local user to perform file operations by sending crafted commands that contain an arbitrary ...
CVE-2026-8920
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
EUVD-2026-44586
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
CVE-2026-21043
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...
EUVD-2026-42814
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...
CVE-2026-21043
CVE-2026-21043 describes a path traversal in the Wallpaper service prior to SMR Jul-2026 Release 1, enabling local attackers with system server privileges to access files. Impact: Confidentiality affected (HIGH) as per Samsung’s CVSS; exploitation details and fixes are not provided in the connect...
CVE-2026-21043
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...
CVE-2026-21043
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program PUP family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...
EUVD-2026-34798
Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...
CVE-2026-21026
Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...
PT-2026-46916
Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...
[SECURITY] Fedora 44 Update: plasma-login-manager-6.6.4-1.fc44
Plasma Login provides a display manager for KDE Plasma and with an new frontend providing a greeter, wallpaper plugin integration and a System Settings module KCM...
EUVD-2019-19899
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25576
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25576
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25576 Kepler Wallpaper Script 1.1 SQL Injection via category
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25576
CVE-2019-25576 affects Kepler Wallpaper Script 1.1 and is described as an SQL injection in the category parameter. An unauthenticated attacker can send GET requests with URL-encoded SQL UNION statements to retrieve data such as usernames, database names, and MySQL version details. The connected s...