220 matches found
CVE-2025-7619
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
CVE-2025-7619
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
PT-2025-29415 · Wellchoose · Batchsigncs
Name of the Vulnerable Software and Affected Versions: BatchSignCS affected versions not specified Description: BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running,...
CVE-2025-33069
CVE-2025-33069 affects Windows App Control for Business (WDAC). The root cause is improper verification of cryptographic signatures in WDAC, enabling a local attacker to bypass the security feature. The vulnerability is categorized as a security feature bypass with medium severity (CVSS 3.1: Loca...
CVE-2024-54540
The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app...
CVE-2024-9949
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application...
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX...
CVE-2023-2331
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0...
CVE-2023-32351
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges...
CVE-2022-40298
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell...
CVE-2022-34100
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...
CVE-2022-34102
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...
CVE-2022-34101
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack...
CVE-2021-25509
A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders...
CVE-2020-13885
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
CVE-2019-9963
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap...
CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...
netty: Denial of Service attack on windows app using Netty
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...