EUVD-2026-11595

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers...

CVE-2026-21672

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers...

MailEnable 安全漏洞

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable has a security vulnerability that can be exploited by attackers to cause local credential disclosure and account takeover...

MailEnable 代码问题漏洞

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

EUVD-2025-29071

Malicious code in bioql PyPI...

CVE-2025-4235

The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

eSigna 安全漏洞

eSigna is a Windows-based analytical application for investors and traders from eSigna, Inc. A security vulnerability exists in eSigna versions 1.0 through 1.5 that stems from improper access control of the component eSignaViewer, which could lead to arbitrary file access...

Malwarebytes Anti-Malware 后置链接漏洞

Malwarebytes Anti-Malware is a Windows-based security protection software from Malwarebytes. The software is capable of detecting and removing ransomware, malware, and more. Malwarebytes Anti-Malware suffers from a backlink vulnerability that stems from the presence of a local elevation of...

New Winos4.0 Malware Targeting Windows via Fake Gaming Apps

A sophisticated malware called Winos4.0 is being disguised as harmless gaming applications to infiltrate Windows-based systems. Learn about…...

PHP-CGI OS Command Injection Vulnerability

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic SADR cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious Androi...

Anonymous Arabic Hacktivist Group Orchestrating Silver RAT

Summary: Silver RAT, a Windows-based RAT written in C and developed by a group known as "Anonymous Arabic," exhibits advanced capabilities, including antivirus evasion and ransomware encryption. Despite facing bans, the threat actors dynamic activities persist, featuring the sharing of cracked...

CVE-2023-5719

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent % character, invalid values will be included, potentially truncating...

CVE-2023-5719 Red Lion Crimson Improper Neutralization of Null Byte or NUL Character

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent % character, invalid values will be included, potentially truncating...

CISA Announces Launch of Logging Made Easy

Today, CISA announces the launch of a new version of Logging Made Easy LMElink is external, a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber...

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the...

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data

A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF fil...