Lucene search
+L

405 matches found

EUVD
EUVD
added 2025/11/28 2:31 a.m.5 views

EUVD-2025-199846

DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability...

7.3CVSS6.4AI score0.00065EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/28 12:0 a.m.7 views

PT-2025-48300

Name of the Vulnerable Software and Affected Versions versions prior to 2025-58316 Description A denial-of-service condition exists in the video-related system service module. Successful exploitation of this issue may affect availability. Recommendations At the moment, there is no information abo...

7.3CVSS6.4AI score0.00065EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/28 12:0 a.m.6 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in the Huawei HarmonyOS video-related system service module, which can be exploited by attackers to affect...

7.3CVSS6.4AI score0.00065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.6 views

PT-2025-48118

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation...

7.2CVSS6.7AI score0.00105EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 2:51 p.m.4 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.7AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:31 p.m.5 views

EUVD-2025-37984

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.2AI score0.0013EPSS
Exploits0References2
CVE
CVE
added 2025/11/06 2:27 p.m.22 views

CVE-2025-37735

CVE-2025-37735 affects Elastic Defend on Windows. The issue is improper preservation of permissions in the Defend service (running as SYSTEM), which can lead to arbitrary file deletions and in some cases local privilege escalation. Affected versions include up to 8.19.5 and 9.0.0–9.1.5; fixed in ...

7CVSS6.4AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.7 views

PT-2025-45184

Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description An issue exists in Elastic Defend on Windows hosts where improper preservation of permissions can allow the Defend service, running as SYSTEM, to delete arbitrary files on the system...

7CVSS7.5AI score0.0013EPSS
Exploits0References11
CVE
CVE
added 2025/11/04 4:23 a.m.14 views

CVE-2025-12683

Summary: CVE-2025-12683 affects the Everything software stack where a service (running as SYSTEM) communicates with the Everything GUI over a named pipe that has a NULL DACL. This configuration grants all users full permissions on the named pipe, enabling potential privilege escalation for a loca...

8.8CVSS6.3AI score0.0009EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/04 4:23 a.m.1 views

CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

8.8CVSS6.3AI score0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/04 4:23 a.m.10 views

CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

8.8CVSS0.0009EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 5:1 p.m.3 views

CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability

...

7CVSS6.6AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2025/10/14 5:1 p.m.29 views

CVE-2025-58725

CVE-2025-58725 is described in connected documents as a heap-based buffer overflow in Windows COM that allows a locally authenticated attacker to elevate privileges. The CVE is associated with Windows COM components, with a CVSS v3.1 score of 7.0 (Local, High impact, Privilege escalation) and Exp...

7CVSS7AI score0.00236EPSS
Exploits0References1Affected Software16
RedhatCVE
RedhatCVE
added 2025/10/08 9:16 p.m.12 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS5.6AI score0.00215EPSS
Exploits1References1
NVD
NVD
added 2025/10/07 2:15 p.m.5 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS0.00215EPSS
Exploits1References5
OSV
OSV
added 2025/10/07 2:15 p.m.5 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS5.9AI score0.00215EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-5297

Malware in sbrugna...

6CVSS6.4AI score0.00907EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-0519

Malware in sbrugna...

7.6CVSS6.4AI score0.02966EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-20806

Malware in sbrugna...

7.8CVSS7.5AI score0.00417EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-15760

Malware in sbrugna...

9.3CVSS8.8AI score0.0053EPSS
Exploits1References2
Rows per page
Query Builder