CVE-2026-42183

A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the rbacAuthorization function, affects Single Sign-On SSO users. When SSODELEGATERBACTONAMESPACE is enabled, an authenticated SSO user whose claims match a namespace-level Role-Based Access Control RBAC rule but not an...

CVE-2020-37229

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that...

EUVD-2021-34831

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute...

EUVD-2020-31230

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that...

CVE-2020-37229

OKI sPSV Port Manager 1.0.41 is affected by an unquoted service path vulnerability in the sPSVOpLclSrv service. The root cause is an unquoted path which allows local attackers to insert a malicious executable in the service’s directory; when the service restarts or the system reboots, the payload...

Flexense VX Search 代码问题漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

CVE-2026-42308

A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceeding large amount, an integer overflow can occur when Pillow tracks the current position. This could lead to a denial of service DoS condition, making the application unavailable. Mitigation To...

GHSA-82RM-QCFX-2V78 Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r77c-2cmr-7p47. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media...

Duplicate Advisory: OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r77c-2cmr-7p47. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media...

CVE-2026-43583

OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery...

CVE-2026-43583

OpenClaw 2026.4.10 before 2026.4.14 fails to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery. Affected ver...

CVE-2026-5530

A flaw was found in Ollama. A remote attacker can exploit this vulnerability by manipulating the Model Pull API's server/download.go file. This can lead to Server-Side Request Forgery SSRF, allowing the attacker to force the server to make requests to arbitrary network locations. Mitigation To...

EUVD-2016-10871

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...

EUVD-2016-10865

Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or...

EUVD-2016-10864

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

CVE-2016-20058

Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or...

CVE-2016-20057

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

CVE-2016-20056 Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation

Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service...

PT-2026-30357

Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious...

PT-2026-30358

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...