EUVD-2025-27533

Malicious code in bioql PyPI...

CVE-2025-10213

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-10213 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-10213

CVE-2025-10213 is a DLL search path hijacking vulnerability affecting UPDF.exe on Windows (version 1.8.5.0). An attacker with local access can cause arbitrary code execution and persistence by placing a crafted dxtn.dll in the path C:\Users\AppData\Local\Microsoft\WindowsApps, exploiting the Wind...

PT-2025-37033

Name of the Vulnerable Software and Affected Versions: UPDF version 1.8.5.0 Description: A DLL search path hijacking issue exists in the UPDF.exe executable for Windows. An attacker with local access can execute arbitrary code by placing a malicious dxtn.dll file in the...

CVE-2025-49457

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access...

CVE-2024-46992 Electron ASAR Integrity bypass by just modifying the content

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the...

CVE-2025-30666 Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access...

SUSE CVE-2025-32780

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps, an attacker can execute...

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash...

CVE-2023-6235

An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of...

Duet Display Security Vulnerability

Duet Display is a remote desktop application. A security vulnerability exists in Duet Display version 2.5.9.1 that stems from the presence of an uncontrolled search path element vulnerability. An attacker can place an arbitrary libusk.dll file in the C:UsersuserAppDataLocalMicrosoftWindowsApps...

SUSE CVE-2019-8719

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting...

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced...

July 13, 2021—KB5004299 (Security-only update)

July 13, 2021—KB5004299 Security-only update Important: Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...

July 13, 2021—KB5004307 (Security-only update)

July 13, 2021—KB5004307 Security-only update Important: Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...

July 13, 2021 Public preview security update (KB5004243)

July 13, 2021 Public preview security update KB5004243 Improvements and fixes This public preview security update includes quality improvements. Key changes include: Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more...

DEBIAN-CVE-2019-8515

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information...

UBUNTU-CVE-2019-8726

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution...

DEBIAN-CVE-2018-4359

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...