405 matches found
EUVD-2025-199846
DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2025-48300
Name of the Vulnerable Software and Affected Versions versions prior to 2025-58316 Description A denial-of-service condition exists in the video-related system service module. Successful exploitation of this issue may affect availability. Recommendations At the moment, there is no information abo...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in the Huawei HarmonyOS video-related system service module, which can be exploited by attackers to affect...
PT-2025-48118
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation...
CVE-2025-37735
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...
EUVD-2025-37984
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...
CVE-2025-37735
CVE-2025-37735 affects Elastic Defend on Windows. The issue is improper preservation of permissions in the Defend service (running as SYSTEM), which can lead to arbitrary file deletions and in some cases local privilege escalation. Affected versions include up to 8.19.5 and 9.0.0–9.1.5; fixed in ...
PT-2025-45184
Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description An issue exists in Elastic Defend on Windows hosts where improper preservation of permissions can allow the Defend service, running as SYSTEM, to delete arbitrary files on the system...
CVE-2025-12683
Summary: CVE-2025-12683 affects the Everything software stack where a service (running as SYSTEM) communicates with the Everything GUI over a named pipe that has a NULL DACL. This configuration grants all users full permissions on the named pipe, enabling potential privilege escalation for a loca...
CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...
CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...
CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability
...
CVE-2025-58725
CVE-2025-58725 is described in connected documents as a heap-based buffer overflow in Windows COM that allows a locally authenticated attacker to elevate privileges. The CVE is associated with Windows COM components, with a CVSS v3.1 score of 7.0 (Local, High impact, Privilege escalation) and Exp...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-50505
Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
EUVD-2012-5297
Malware in sbrugna...
EUVD-2013-0519
Malware in sbrugna...
EUVD-2020-20806
Malware in sbrugna...
EUVD-2018-15760
Malware in sbrugna...