200
CVEs
31
Threats
0
News
83
Critical
83
CISA KEV
🛡 Security Vulnerabilities (CVE)
Apple OS X Authentication Bypass Vulnerability — The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability — The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Microsoft Windows Remote Code Execution Vulnerability — A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.
Microsoft Win32k Privilege Escalation Vulnerability — An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.
Microsoft Windows Mount Manager Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.
Microsoft Office Uninitialized Memory Use Vulnerability — Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
D-Link DIR-645 Router Remote Code Execution Vulnerability — D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability — Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).
Microsoft Win32k Privilege Escalation Vulnerability — Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
CVE-2015-2387
Microsoft ATM Font Driver Privilege Escalation Vulnerability (CVE-2015-2387)
11:01 KSA
Microsoft ATM Font Driver Privilege Escalation Vulnerability — ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
Microsoft Internet Explorer Memory Corruption Vulnerability — JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Microsoft PowerPoint Memory Corruption Vulnerability — Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
Microsoft Internet Explorer Memory Corruption Vulnerability — Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
Microsoft Internet Explorer Memory Corruption Vulnerability — Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Microsoft Office Malformed EPS File Vulnerability — Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
Microsoft Win32k Memory Corruption Vulnerability — The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability — An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.
TP-Link Multiple Archer Devices Directory Traversal Vulnerability — Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Adobe Flash Player Memory Corruption Vulnerability — A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability — Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability — Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.
CVE-2015-4495
Firefox Same Origin Policy Bypass - Arbitrary File Read & Privilege Escalation
11:01 KSA
Mozilla Firefox Security Feature Bypass Vulnerability — Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability — Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
Oracle Java SE Integrity Check Vulnerability — Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.
Adobe Flash Player Use-After-Free Vulnerability — A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Adobe Flash Player Use-After-Free Vulnerability — Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Adobe Flash Player Use-After-Free Vulnerability — Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Jenkins User Interface (UI) Information Disclosure Vulnerability — Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
Microsoft Windows Kernel Privilege Escalation Vulnerability — The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.
IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands
Adobe Flash Player Arbitrary Code Execution Vulnerability — Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
Juniper ScreenOS Improper Authentication Vulnerability — Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.
Adobe Flash Player Integer Overflow Vulnerability — Integer overflow in Adobe Flash Player allows attackers to execute code.
Microsoft Silverlight Runtime Remote Code Execution Vulnerability — Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).
Microsoft Windows Kernel Privilege Escalation Vulnerability — The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this v…
Microsoft Windows CSRSS Security Feature Bypass Vulnerability — The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
Microsoft Internet Explorer Information Disclosure Vulnerability — An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer.
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application
Microsoft Windows Media Center Remote Code Execution Vulnerability — Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
Microsoft Internet Explorer Memory Corruption Vulnerability — The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Ruby on Rails Directory Traversal Vulnerability — Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
Adobe Flash Player and AIR Use-After-Free Vulnerability — Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
PHPMailer Command Injection Vulnerability — PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute…
Adobe Flash Player and AIR Integer Overflow Vulnerability — Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability — The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
Adobe Flash Player Arbitrary Code Execution Vulnerability — Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
D-Link DCS-930L Devices OS Command Injection Vulnerability — setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
NETGEAR Multiple WAP Devices Command Injection Vulnerability — Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Google Chromium V8 Out-of-Bounds Read Vulnerability — Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability coul…
D-Link DSL-2750B Devices Command Injection Vulnerability — D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
SAP NetWeaver SQL Injection Vulnerability — SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SAP NetWeaver Information Disclosure Vulnerability — The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
Apache ActiveMQ Improper Input Validation Vulnerability — The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
D-Link Multiple Routers OS Command Injection Vulnerability — Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.
Exim Buffer Overflow Vulnerability — Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability — VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.
MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability — In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the sys…
Drupal Core Remote Code Execution Vulnerability — Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
Drupal Core Remote Code Execution Vulnerability — A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
Schneider Electric U.motion Builder SQL Injection Vulnerability — A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
Microsoft Win32k Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability — A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
ChakraCore Scripting Engine Type Confusion Vulnerability — The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.
Microsoft Scripting Engine Memory Corruption Vulnerability — A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability — An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability — An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Microsoft Windows Shell Remote Code Execution Vulnerability — A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Microsoft Windows Privilege Escalation Vulnerability — An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
Microsoft Exchange Server Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.
Microsoft Win32k Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
Microsoft Windows Kernel Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability — Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerabi…
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability — Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Paessler PRTG Network Monitor OS Command Injection Vulnerability — Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.
Apache Solr DataImportHandler Code Injection Vulnerability — The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
Apache HTTP Server Privilege Escalation Vulnerability — Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges o…
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability — SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.
CVE-2026-33208
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /co
21:48 KSA
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ < service > /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that i…
CVE-2026-40885
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials thr
21:48 KSA
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is…
CVE-2026-41352
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node
09:32 KSA
OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairin…
CVE-2026-41463
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality
02:18 KSA
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory tra…
CVE-2026-6741
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Esca
06:48 KSA
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the connect-customer-to-wp-user ability, w…
CVE-2026-6988
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the f
15:36 KSA
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack r…
CVE-2026-7019
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file
15:36 KSA
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploi…
CVE-2026-7029
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /g
15:36 KSA
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has…
CVE-2026-7030
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file
15:36 KSA
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclo…
CVE-2026-7031
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/Safe
15:36 KSA
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be …
CVE-2026-7032
A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilte
17:18 KSA
A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-7033
A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilte
17:18 KSA
A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exp…
CVE-2026-7034
A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file
17:18 KSA
A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated rem…
CVE-2026-7096
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of
00:06 KSA
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely…
CVE-2026-7097
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the fi
00:06 KSA
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The…
CVE-2026-7098
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the fil
00:06 KSA
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The explo…
CVE-2026-7099
A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /gof
00:06 KSA
A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. …
CVE-2026-7100
A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Nat
00:06 KSA
A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may …
CVE-2026-7101
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/Wrl
00:06 KSA
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to th…
CVE-2026-7106
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to a
00:06 KSA
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update act…
CVE-2026-7119
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCoun
02:18 KSA
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may …
CVE-2026-7082
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file
00:06 KSA
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The ex…
CVE-2026-7081
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDh
00:06 KSA
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The e…
CVE-2026-7080
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the f
17:54 KSA
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The e…
CVE-2026-7079
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSet
13:48 KSA
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made av…
CVE-2026-7078
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the fil
05:32 KSA
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit h…
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been pu…
CVE-2026-7151
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6
06:48 KSA
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publ…
CVE-2026-7068
A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c o
23:00 KSA
A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available a…
CVE-2026-40583
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vo
21:48 KSA
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.
CVE-2026-40883
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forger
21:48 KSA
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete an…
CVE-2026-41353
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attac
09:32 KSA
OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating bro…
CVE-2026-5364
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions
09:32 KSA
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be cont…
CVE-2026-7069
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the fil
23:00 KSA
A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be …
CVE-2016-20060
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attac
21:54 KSA
Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system rebo…
CVE-2019-25266
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local at
04:01 KSA
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in spec…
CVE-2019-25267
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute
04:01 KSA
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables tha…
CVE-2019-25269
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attacker
04:01 KSA
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory loca…
CVE-2019-25271
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configur
04:01 KSA
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific director…
CVE-2019-25272
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows loca
04:01 KSA
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject maliciou…
CVE-2019-25273
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attac
04:01 KSA
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious …
CVE-2019-25274
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local at
04:01 KSA
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem …
CVE-2019-25275
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to poten
04:01 KSA
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file …
CVE-2019-25276
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Servic
04:01 KSA
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Softw…
CVE-2019-25281
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows loc
04:01 KSA
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malic…
CVE-2019-25283
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary
04:01 KSA
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or …
CVE-2019-25285
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorServic
04:01 KSA
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level acc…
CVE-2019-25286
GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentia
04:01 KSA
GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that w…
CVE-2019-25287
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService th
04:01 KSA
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Compa…
CVE-2019-25288
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute mali
04:01 KSA
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the syste…
CVE-2019-25292
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potenti
04:01 KSA
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious…
CVE-2019-25293
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service tha
04:01 KSA
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorServic…
CVE-2019-25302
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows loca
04:01 KSA
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to in…
CVE-2019-25304
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local user
04:01 KSA
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code …
CVE-2019-25305
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privi
04:01 KSA
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.
CVE-2019-25306
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially e
04:01 KSA
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would exe…
CVE-2019-25307
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows loc
04:01 KSA
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSy…
CVE-2019-25308
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration.
04:01 KSA
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations…
CVE-2019-25309
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potenti
04:01 KSA
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious exe…
CVE-2019-25310
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that
04:01 KSA
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launch…
CVE-2019-25612
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local a
11:22 KSA
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the Sy…
CVE-2019-25679
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Ec
17:08 KSA
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP…
CVE-2020-36933
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers
04:01 KSA
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.
CVE-2020-36934
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allo
04:01 KSA
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkServic…
CVE-2020-36935
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local
04:01 KSA
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious …
CVE-2020-36936
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attac
04:01 KSA
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.
CVE-2020-36937
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows loc
04:01 KSA
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevate…
CVE-2020-36952
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute
04:01 KSA
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execu…
CVE-2020-36953
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attacke
04:01 KSA
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject maliciou…
CVE-2020-36957
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attac
04:01 KSA
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
CVE-2020-36958
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local
04:01 KSA
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executab…
CVE-2020-36959
IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute a
04:01 KSA
IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with Lo…
CVE-2020-36980
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allow
04:01 KSA
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path…
CVE-2020-36981
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users
04:01 KSA
Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated sy…
CVE-2020-36982
Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that
04:01 KSA
Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with ele…
CVE-2020-36983
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arb
04:01 KSA
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privil…
CVE-2020-36984
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute
04:01 KSA
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject ma…
CVE-2020-36985
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows loc
04:01 KSA
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated Local…
CVE-2020-36986
Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elev
04:01 KSA
Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reb…
CVE-2020-36987
Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local at
04:01 KSA
Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executable…
CVE-2020-36989
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to pote
04:01 KSA
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code th…
CVE-2020-36990
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows lo
04:01 KSA
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious exec…
CVE-2020-36991
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitra
04:01 KSA
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system direc…
CVE-2020-36992
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to
04:01 KSA
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with Lo…
CVE-2020-37016
BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with eleva
04:01 KSA
BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with Lo…
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by
04:01 KSA
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest syst…
CVE-2020-37021
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local a
04:01 KSA
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during ser…
CVE-2020-37030
Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arb
04:01 KSA
Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in C:\Program Files (x86)\Outline to inject malicious code that woul…
CVE-2020-37037
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execut
04:01 KSA
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with Lo…
CVE-2020-37045
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows l
04:01 KSA
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malici…
CVE-2020-37047
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows
04:01 KSA
Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe …
CVE-2020-37048
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users
04:01 KSA
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious execut…
CVE-2020-37055
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary cod
04:01 KSA
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain el…
CVE-2020-37058
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration.
04:01 KSA
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.
CVE-2020-37059
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentia
04:01 KSA
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed wi…
CVE-2020-37060
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows atta
04:01 KSA
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to…
CVE-2020-37061
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute
04:01 KSA
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the servi…
CVE-2020-37062
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute ar
04:01 KSA
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service s…
CVE-2020-37063
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute a
04:01 KSA
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launch…
CVE-2020-37064
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allo
04:01 KSA
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projectio…
CVE-2020-37098
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute ar
04:01 KSA
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be …
CVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows l
04:01 KSA
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inj…
CVE-2020-37100
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute ar
04:01 KSA
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations …
CVE-2020-37101
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious execut
04:01 KSA
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gai…
CVE-2020-37102
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows loc
04:01 KSA
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSy…
CVE-2021-47761
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service ex
04:01 KSA
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when th…
CVE-2021-47762
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute
04:01 KSA
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and …
CVE-2021-47780
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrar
04:01 KSA
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with Local…
CVE-2021-47803
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attacke
04:01 KSA
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when …
CVE-2021-47804
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with Lo
04:01 KSA
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges whe…
CVE-2021-47805
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows loca
04:01 KSA
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run …
CVE-2021-47822
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows lo
04:01 KSA
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to …
CVE-2021-47823
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute
04:01 KSA
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with Loc…
CVE-2021-47825
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code
04:01 KSA
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run wi…
CVE-2021-47826
Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows
04:01 KSA
Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicio…
CVE-2021-47828
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers c
04:01 KSA
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.
CVE-2021-47829
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local
04:01 KSA
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject maliciou…
⚠️ Threat Intelligence
31 threats
rss:Dark Reading
—
02:48 KSA
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
A newly discovered threat actor UNC6692 is conducting sophisticated multipronged attacks combining social engineering, custom 'Snow' malware, and abuse of legitimate cloud services including Microsoft Tea…
rss:BleepingComputer
—
02:48 KSA
Alleged Silk Typhoon hacker extradited to US for cyberespionage
A Chinese national has been extradited from Italy to the United States to face charges related to cyberespionage operations attributed to Chinese intelligence services. This case highlights the pers…
rss:BleepingComputer
—
02:48 KSA
Canada arrests three for operating “SMS blaster” device in Toronto
Canadian authorities arrested three individuals operating an SMS blaster device that impersonates cellular towers to send phishing text messages to nearby mobile phones. This attack method poses …
rss:BleepingComputer
—
23:18 KSA
FTC: Americans lost over $2.1 billion to social media scams in 2025
The FTC reported that Americans lost over $2.1 billion to social media scams in 2025, representing a significant increase since 2020. This surge in financial losses highlights the growing sophis…
rss:Dark Reading
—
22:16 KSA
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
A critical architectural vulnerability in Windows RPC mechanism allows attackers to exploit five different privilege escalation paths when connecting to unavailable services. This unpa…
rss:The Hacker News
—
22:16 KSA
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
This weekly recap highlights multiple cybersecurity threats including Fast16 malware, XChat tool launch, federal backdoor concerns, and AI-based employee tracking sys…
rss:The Hacker News
—
22:16 KSA
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Checkmarx disclosed that a cybercriminal group published company data on the dark web following a supply chain security incident on March 23. The investigation indicates the compr…
rss:BleepingComputer
—
22:16 KSA
PyPI package with 1.1M monthly downloads hacked to push infostealer
A popular Python package 'elementary-data' on PyPI with 1.1 million monthly downloads was compromised by attackers who injected malicious code to steal sensitive developer information and crypto…
rss:BleepingComputer
—
21:10 KSA
Webinar: Spotting cyberattacks before they begin
BleepingComputer is hosting a webinar featuring threat intelligence experts discussing early warning signs and detection methods for cyberattacks. The session aims to help security teams identify and prevent attac…
rss:BleepingComputer
—
21:10 KSA
Home security giant ADT data breach affects 5.5 million people
The ShinyHunters extortion group breached ADT's systems and stole personal information of 5.5 million individuals. This data breach represents a significant compromise of customer personal data by a …
rss:SecurityWeek
—
20:00 KSA
Incomplete Windows Patch Opens Door to Zero-Click Attacks
A Windows vulnerability with an incomplete patch has been exploited by Russia-linked APT28 group in targeted attacks against Ukraine and EU countries. The zero-click attack capability poses significant ri…
rss:Dark Reading
—
20:00 KSA
Parsing Agentic Offensive Security's Existential Threat
Security experts express concerns that advanced frontier LLMs such as Claude Mythos and GPT-5.5 could potentially enable unprecedented cybersecurity threats and attacks. However, some analysts view thi…
rss:Dark Reading
—
20:00 KSA
Parsing Agentic Offensive Security's Existential Threat
Security experts express concerns that advanced frontier LLMs like Claude Mythos and GPT-5.5 could pose existential threats to cybersecurity through autonomous offensive capabilities. However, some ana…
rss:Dark Reading
—
20:00 KSA
20-Year-Old Malware Rewrites History of Cyber Sabotage
Researchers discovered a malware framework called 'fast16' that predates the Stuxnet attack by 5 years, representing a significant historical finding in cyber sabotage. This discovery reshapes understanding …
rss:BleepingComputer
—
20:00 KSA
Money launderer linked to $230M crypto heist gets 70 months in prison
A 22-year-old individual was sentenced to 70 months in prison for money laundering activities related to a $230 million cryptocurrency heist. This case highlights the criminal ecosystem surrou…
rss:BleepingComputer
—
20:00 KSA
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
Deepfake voice technology enables attackers to clone voices using just three seconds of audio, allowing them to conduct sophisticated fraud attacks that trick employees into transfe…
rss:BleepingComputer
—
20:00 KSA
Medtronic confirms breach after hackers claim 9 million records theft
Medical device manufacturer Medtronic confirmed a significant data breach affecting its corporate IT systems with hackers claiming to have stolen approximately 9 million records. This breach p…
rss:SecurityWeek
—
18:55 KSA
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
Google reports an increase in AI prompt injection attacks targeting large language models, though most attempts remain unsophisticated. The analysis reveals that while many in…
rss:SecurityWeek
—
18:55 KSA
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
A critical vulnerability in OpenSSH was discovered that allows attackers to gain full root shell access through a code reuse flaw. The vulnerability exploited comma characters in certificate princi…
rss:The Hacker News
—
18:55 KSA
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers identified 73 malicious Visual Studio Code extensions on the Open VSX repository that distribute GlassWorm v2 information-stealing malware. These extensions …
rss:The Hacker News
—
18:55 KSA
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Pro-Ukrainian hacktivist group PhantomCore has been actively exploiting TrueConf video conferencing vulnerabilities to breach Russian networks since September 2025. The attacks leverage unp…
rss:The Hacker News
—
18:55 KSA
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Anthropic's Claude Mythos AI system demonstrates advanced vulnerability discovery capabilities at scale, raising concerns about organizations' ability to va…
rss:BleepingComputer
—
18:55 KSA
Microsoft says Outlook.com outage is causing sign‑in failures
Microsoft is investigating an Outlook.com service outage causing intermittent sign-in failures and preventing users from accessing their email accounts. This incident impacts email accessibility for o…
rss:SecurityWeek
—
17:54 KSA
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
Threat actor UNC6692 deployed the Snow malware family (Snowbelt, Snowglaze, Snowbasin) using email bombing and social engineering tactics to establish persistent access to victim systems. Th…
rss:SecurityWeek
—
17:54 KSA
Energy and Water Management Firm Itron Hacked
Itron, a critical infrastructure provider serving utilities and cities globally, discovered unauthorized access to its systems on April 13. This breach affects energy and water management operations worldwide and pos…
rss:SecurityWeek
—
16:43 KSA
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
The US government has launched a comprehensive crackdown on Southeast Asian cyberscam operations, including sanctions against a Cambodian senator involved in facilitating…
rss:SecurityWeek
—
16:43 KSA
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
A race condition vulnerability in PackageKit allows unprivileged users to escalate privileges and gain root access during package installation. This easily exploitable vulnerability poses…
rss:SecurityWeek
—
15:18 KSA
Firefox Vulnerability Allows Tor User Fingerprinting
A vulnerability (CVE-2026-6770) in Firefox has been discovered that allows attackers to fingerprint Tor users, potentially compromising their anonymity. The vulnerability has been patched in Firefox 150 and To…
rss:The Hacker News
—
15:18 KSA
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have exposed a telecommunications fraud campaign exploiting fake CAPTCHA verification to trick users into sending international SMS messages, resulting in u…
rss:Malwarebytes Lab
—
13:16 KSA
A week in security (April 20 &#8211; April 26)
This article provides a weekly security digest covering various cybersecurity topics and incidents from April 20-26, 2026. It serves as a consolidated overview of significant security events and threats identifi…
rss:Dark Reading
—
06:01 KSA
Helping Romance Scam Victims Require a Proactive, Empathic Approach
Romance scams represent a significant social engineering threat where victims face psychological manipulation and financial losses. The article emphasizes the need for coordinated response from …
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Monday, April 27, 2026
CVE Archive ·
Threats ·
News