Lucene search
K

728 matches found

OSV
OSV
added 2026/04/28 6:46 p.m.6 views

MAL-2026-3133 Malicious code in fetchapi-syncdata-pypi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d0dcf5bd5c71d077b3763c74d57d68d5517a2b5c5229fdd5bd6f7369cb2a0f49 The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

5.6AI score
Exploits0References4
OSV
OSV
added 2026/04/27 4:31 p.m.8 views

MAL-2026-3100 Malicious code in fetch-data-api-syncapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

5.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/27 4:31 p.m.9 views

Malicious code in fetch-data-api-syncapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

5.5AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34330

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NTSYSTEM privileges on boot. This issue affects all...

8.5CVSS5.9AI score0.00101EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-33989

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:Program FilesCivetWebCivetWeb.e...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 5:19 a.m.31 views

CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...

9.3CVSS0.0018EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/16 4:40 p.m.328 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS7.2AI score0.75197EPSS
Exploits28
NVD
NVD
added 2026/04/14 6:17 p.m.3 views

CVE-2026-32083

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

7CVSS0.002EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.7 views

Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

7CVSS6.4AI score0.002EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32794

CVE-2026-32068 Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privilege… https://t.co/txSwKIdsD7...

7CVSS6.4AI score0.00164EPSS
Exploits0References3
Metasploit
Metasploit
added 2026/04/07 7:1 p.m.484 views

Windows Service for User (S4U) Scheduled Task Persistence - Logon Trigger

Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-24296

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Device Association Service allows an authorized attacker to elevate privileges locally...

7CVSS5.9AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

SANYO DENKI SANUPS SOFTWARE 代码问题漏洞

SANYO DENKI SANUPS SOFTWARE is a software developed by SANYO DENKI Corporation in Japan. It is used for monitoring UPS devices, managing their operation, and analyzing power supply status. SANYO DENKI SANUPS SOFTWARE has code vulnerabilities; these vulnerabilities stem from the Windows service fi...

8.4CVSS6.9AI score0.00191EPSS
Exploits0References3
NVD
NVD
added 2026/03/23 2:16 a.m.4 views

CVE-2026-4606

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

10CVSS0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 1:5 a.m.5 views

EUVD-2026-14346

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

10CVSS5.8AI score0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/23 1:5 a.m.27 views

CVE-2026-4606 GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

10CVSS0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27040

Name of the Vulnerable Software and Affected Versions GV Edge Recording Manager version 2.3.1 Description The software improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. The software creates a Windows service...

10CVSS5.8AI score0.00298EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2017-18930

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS6.2AI score0.00141EPSS
Exploits1References8
NVD
NVD
added 2026/03/16 2:17 p.m.9 views

CVE-2017-20218

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS0.00141EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.4 views

PT-2026-25736

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS6.2AI score0.00141EPSS
Exploits1References8
Rows per page
Query Builder