BIT-POWERSHELL-2022-41076 PowerShell Remote Code Execution Vulnerability

PowerShell Remote Code Execution Vulnerability...

BIT-POWERSHELL-2022-26788 PowerShell Elevation of Privilege Vulnerability

PowerShell Elevation of Privilege Vulnerability...

BIT-POWERSHELL-2021-43896 Microsoft PowerShell Spoofing Vulnerability

Microsoft PowerShell Spoofing Vulnerability...

BIT-POWERSHELL-2020-0951 Windows Defender Application Control Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

Photon OS 5.0: Powershell PHSA-2025-5.0-0577

An update of the powershell package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0577. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Exploit for Improper Restriction of XML External Entity Reference in Sysaid

From-EternalBlue-to-CVE-2025-2776-The-Evolution-of-an-SMB-Atta...

Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named...

Linux Distros Unpatched Vulnerability : CVE-2022-39327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection...

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR: WinRAR path traversal allowing arbit...

CVE-2025-9016

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is...

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerabilit...

CVE-2025-9016

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is...

CVE-2025-9016

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is...

CVE-2025-9016 Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is...

CVE-2025-9016 Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path

A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is...

CVE-2025-9016

CVE-2025-9016 concerns Mechrevo Control Center GX V2 (version 5.56.51.48). The vulnerability arises in the Powershell Script Handler component, specifically the file path C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command, where an uncontrolled search path condition is reported....

Mechrevo Control Center GX V2 安全漏洞

Mechrevo Control Center GX V2 is a system level control software from China-based Mechrevo. A security vulnerability exists in Mechrevo Control Center GX V2 version 5.56.51.48, which originates from an uncontrolled search path in the component Powershell Script Handler...

PT-2025-33449 · Unknown · Mechrevo Control Center Gx V2

Name of the Vulnerable Software and Affected Versions: Mechrevo Control Center GX V2 version 5.56.51.48 Description: A vulnerability was identified that leads to an uncontrolled search path within the Powershell Script Handler component. The vulnerability affects the file C:Program...