383 matches found
MAL-2026-4348 Malicious code in api-rs-node (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
Malicious code in get-package-lint (npm)
Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261. Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...
Electron Injection Vulnerability
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.1,...
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Impact: On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...
Windows Registry Persistence via Userinit
This module will install a payload that is executed during user logon. It writes a payload executable to disk and modifies the Userinit registry value in "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" to append the payload path, causing it to execute when any user logs in. Module...
CVE-2025-13919
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
PT-2026-5143
Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection versions prior to 14.3 RU10 Patch 1; Symantec Endpoint Protection versions prior to 14.3 RU9 Patch 2; Symantec Endpoint Protection versions prior to 14.3 RU8 Patch 3. Description: The software may be susceptible to a C...
CVE-2023-25134
McAfee Total Protection prior to 16.0.50 may allow an adversary with full administrative access to modify a McAfee-specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload...
CVE-2020-7520
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on...
CVE-2022-26348
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded in...
CVE-2026-20893
Summary: CVE-2026-20893 is an origin validation error in Fujitsu Security Solution AuthConductor Client Basic V2 up to and including 2.0.25.0. The issue allows a user who can log in to the Windows system hosting the affected product to execute arbitrary code with SYSTEM privileges and/or modify r...
CVE-2025-8304
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...
CVE-2025-8304 Information Disclosure in Identity Agent Registry Keys
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server...
Assistive Technologies Persistence
This module achieves persistence by registering a custom Assistive Technology (AT) in the Windows registry. Then it configures the system to launch the AT executable during user logon or desktop switch (such as with an admin-privileged program). Requires Windows 8 or higher and administrative privileges...
PT-2025-51763
Name of the Vulnerable Software and Affected Versions: FileMaker Server versions prior to 22.0.4. Description: The FileMaker Server software is susceptible to an issue related to IIS short filename enumeration. Attackers can potentially discover hidden files and directories by leveraging the tilde...
CVE-2025-35054
CVE-2025-35054 affects Newforma Info Exchange (NIX). The root issue is insufficient protection of credentials stored in HKLM\Software\WOW6432Node\Newforma\Credentials, where both the credentials and the encryption key reside in the same registry location. Authenticated users can access both, and ...
EUVD-2005-2766
Malware in sbrugna...
EUVD-2004-2626
Malware in sbrugna...