CVE-2016-20091 Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with...

Security Advisory 0139

Security Advisory 0139 PDF Date: May 19, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 19, 2026 | Initial release The CVE-ID tracking this issue: CVE-2025-49844 CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSSv4.0 Base Score: 9.4...

CVE-2026-2563

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function setstcreenendeabledstatus/getstatus of the file /f/service/controlDevice of the component jdcapprpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the...

PT-2026-6743

SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:Program Files x86ISSSecurOS to insert malicious code that would execute with...

EUVD-2005-3034

Malware in sbrugna...

EUVD-1999-1492

Malware in sbrugna...

EUVD-2005-3035

Malware in sbrugna...

EUVD-2021-1841

Malware in sbrugna...

EUVD-2024-32842

Malicious code in bioql PyPI...

PT-2025-37050

Name of the Vulnerable Software and Affected Versions: litmusautomation litmus-mcp-server versions through 0.0.1 Description: An issue allows unauthorized attackers to control the target's MCP service through the SSE Server-Sent Events protocol. Recommendations: At the moment, there is no...

The vulnerability of the dcpd service in the microprogramming software of Siemens Scalance LPE9403 allows a hacker to trigger a maintenance failure.

The vulnerability of the dcpd service in Siemens Scalance LPE9403 microprogramming software is related to errors in pointer assignment. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending specially crafted malware packages...

CVE-2005-3035

Compuware DriverStudio Remote Control service DSRsvc.exe 2.7 and 3.0 beta 2 allows remote attackers to cause a denial of service reboot via a UDP packet sent directly to port 9110...

CVE-2005-3034

Compuware DriverStudio Remote Control service DSRsvc.exe 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session...

CVE-2024-56317

In Matter aka connectedhomeip or Project CHIP through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by...

PLANET switch devices 资源管理错误漏洞

PLANET switch devices are a series of switch devices from PLANET China. A resource management error vulnerability exists in PLANET switch devices, which stems from a denial of service vulnerability in the swctrl service that allows an unauthenticated, remote attacker to send crafted packets causi...

PLANET switch devices 加密问题漏洞

PLANET switch devices are a series of switch devices from PLANET Corporation in China. PLANET switch devices suffers from an encryption issue vulnerability, which arises from the authentication token used when communicating with the swctrl service as an encoded user password, which is not strong...

Longse NVR Security Vulnerability

Longse NVR is a series of network video recorders from China-based Longse Technology Longse. A security vulnerability exists in the Longse NVR that stems from transmitting a user's login and password to a remote control service without the use of any encryption, allowing an attacker to eavesdrop ...

LoLLMs Cross-Site Request Forgery Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site request forgery vulnerability exists in LoLLMs version 9.6 and prior versions, which stems from a lack of cross-site request forgery protection in the Elastic Search Service, XTTS...

The vulnerability of the access control service for remote catalogs and the SSSD authentication mechanism, related to incorrect authorization, allows a perpetrator to trigger a service failure.

The vulnerability of the access control service for remote catalogs and the SSSD authentication mechanism are related to a status error that causes the GPO policy not to be applied consistently to authenticated users. Exploiting this vulnerability could allow a malicious actor to cause service...

CVE-2024-4292

A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f lead...