Total
188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-45058 | 2026-06-01 | N/A | N/A | ||
| electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied. | |||||
| CVE-2026-9037 | 2026-05-29 | N/A | N/A | ||
| A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. This condition could allow execution of unauthorized code with high privileges on the device. | |||||
| CVE-2026-9089 | 1 Connectwise | 1 Automate | 2026-05-22 | N/A | 8.8 HIGH |
| The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5. | |||||
| CVE-2026-42249 | 2 Microsoft, Ollama | 2 Windows, Ollama | 2026-05-18 | N/A | 9.8 CRITICAL |
| Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These values are passed directly to filepath.Join, allowing path traversal sequences (../) to be resolved and enabling files to be written outside the intended update staging directory. An attacker who can influence update responses can exploit this flaw to write arbitrary executables to attacker‑chosen locations accessible to the current user, including the Windows Startup directory. This allows execution of arbitrary executables. Critically, when chained with CVE‑2026‑42248 (Missing Signature Verification for Updates), an attacker can deliver malicious payloads that are written to sensitive locations and executed automatically. Because Ollama for Windows performs silent automatic updates and executes staged binaries without user interaction, this results in automatic and persistent code execution without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable. | |||||
| CVE-2026-42248 | 2 Microsoft, Ollama | 2 Windows, Ollama | 2026-05-18 | N/A | 9.8 CRITICAL |
| Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application. Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable. | |||||
| CVE-2025-10539 | 1 Draugiemgroup | 1 Desktime Time Tracking | 2026-05-18 | N/A | 4.8 MEDIUM |
| Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the attacker to achieve user-level remote code execution on the affected client. | |||||
| CVE-2026-42575 | 2026-05-13 | N/A | 7.5 HIGH | ||
| apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString(), and the downloaded package control hash is computed, but the two values are never compared in getPackageImpl(). Mismatched packages are silently accepted. An attacker who can substitute download responses (compromised mirror, HTTP repository, poisoned CDN cache) can install arbitrary packages into built images. This issue has been patched in version 1.2.7. | |||||
| CVE-2017-2707 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2026-05-13 | 5.8 MEDIUM | 7.1 HIGH |
| Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. | |||||
| CVE-2017-12306 | 1 Cisco | 1 Conference Director | 2026-05-13 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. | |||||
| CVE-2017-2739 | 1 Huawei | 1 Vmall | 2026-05-13 | 2.9 LOW | 3.1 LOW |
| The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. | |||||
| CVE-2017-13083 | 1 Akeo | 1 Rufus | 2026-05-13 | 6.8 MEDIUM | 5.3 MEDIUM |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | |||||
| CVE-2025-56513 | 1 Nicehash | 1 Quickminer | 2026-05-11 | N/A | 9.8 CRITICAL |
| NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector. NOTE: the Supplier reports that the existence of an http://update.nicehash.com URL is a fabrication, and that there is no other use of HTTP (rather than HTTPS). | |||||
| CVE-2014-2378 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2026-05-06 | 6.5 MEDIUM | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. | |||||
| CVE-2026-32148 | 1 Hex | 1 Hex | 2026-05-05 | N/A | 5.9 MEDIUM |
| Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However, Hex.RemoteConverger.verify_resolved/2 never executes checksum verification because the lock data returned by Hex.Utils.lock/1 uses string-based dependency names, while the verification logic compares against atom-based names. This type mismatch causes the verification code path to be silently skipped. Checksums are still validated when packages are initially downloaded from the registry, but mismatches between the lockfile and resolved dependencies are not detected. An attacker who can influence cached packages (e.g., via local cache poisoning or a compromised registry) can provide modified dependency contents that will be accepted without detection. The mix.lock file is silently rewritten with the checksum values from the registry, erasing evidence of tampering. This issue affects hex: from 0.16.0 before 2.4.2. | |||||
| CVE-2026-40066 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 8.8 HIGH |
| Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | |||||
| CVE-2008-3438 | 1 Apple | 1 Mac Os X | 2026-04-23 | 7.5 HIGH | 8.1 HIGH |
| Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3324 | 1 Party Gaming | 1 Party Poker Client | 2026-04-23 | 7.6 HIGH | 8.1 HIGH |
| The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | |||||
| CVE-2026-34841 | 1 Usebruno | 1 Bruno | 2026-04-22 | N/A | 9.8 CRITICAL |
| Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1 | |||||
| CVE-2026-3428 | 2026-04-17 | N/A | N/A | ||
| A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an unexpected payload is substituted for a legitimate one immediately after download, and subsequently executed with administrative privileges upon user consent. Refer to the 'Security Update for ASUS Member Center' section on the ASUS Security Advisory for more information. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2026-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||