๐จ CVE-2026-48139
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
NULL pointer dereference vulnerability in NI grpc-device data moniker service
### Impact
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successfu...
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successfu...
๐จ CVE-2026-48141
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Memory leak in NI grpc-device BeginSidebandStream
### Impact
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.
### Patches
Upgrade to 2.18.0 or later
### References ...
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion.
### Patches
Upgrade to 2.18.0 or later
### References ...
๐จ CVE-2026-48895
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-49230
Improper Validation of Integrity Check Value vulnerability in Apache APISIX.
The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.
This issue affects Apache APISIX: from 3.8.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Improper Validation of Integrity Check Value vulnerability in Apache APISIX.
The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.
This issue affects Apache APISIX: from 3.8.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-49231
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin.
This could allow the attacker to assume higher privileges on the upstream service.
This issue affects Apache APISIX: from 3.5.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin.
This could allow the attacker to assume higher privileges on the upstream service.
This issue affects Apache APISIX: from 3.5.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-49357
Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mcp` supports a `--http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-layer authentication check. Prior to version 1.1.2, any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. Version 1.1.2 fixes the issue.
๐@cveNotify
Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mcp` supports a `--http-mode` Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to `0.0.0.0` and exposes the MCP `/mcp` endpoint without an MCP-layer authentication check. Prior to version 1.1.2, any network client that can reach the port can initialize a session, list tools, and call tools that read LINE Desktop chat history or send LINE messages through the already logged-in desktop application. Version 1.1.2 fixes the issue.
๐@cveNotify
GitHub
v1.1.2 ยท dtwang/line-desktop-mcp@6806178
Security:
- Add Bearer Token auth for Streamable HTTP mode (--host, --token flags)
- Require token when binding to non-loopback address
Bug Fixes:
- Fix @mention false positives by excluding /@ pa...
- Add Bearer Token auth for Streamable HTTP mode (--host, --token flags)
- Require token when binding to non-loopback address
Bug Fixes:
- Fix @mention false positives by excluding /@ pa...
๐จ CVE-2026-49871
Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.
This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity.
Actions the victim takes upstream are then attributed to attackers identity.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.
This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity.
Actions the victim takes upstream are then attributed to attackers identity.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-49872
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-4026
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level.
๐@cveNotify
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level.
๐@cveNotify
๐จ CVE-2026-4027
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control.
๐@cveNotify
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control.
๐@cveNotify
๐จ CVE-2026-9142
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present
### Impact
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticate...
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticate...
๐จ CVE-2026-9143
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions.
๐@cveNotify
GitHub
Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen
### Impact
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in
CodeGen. This may silently discard high bits if a size value exc...
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in
CodeGen. This may silently discard high bits if a size value exc...
๐จ CVE-2016-20085
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
๐@cveNotify
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
๐@cveNotify
Exploit Database
Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation
Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation.. local exploit for Windows platform
๐จ CVE-2016-20086
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.
๐@cveNotify
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.
๐@cveNotify
Exploit Database
Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation
Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation.. local exploit for Windows platform
๐จ CVE-2016-20087
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.
๐@cveNotify
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.
๐@cveNotify
Networkdls
Home Page - NetworkDLS
Welcome to NetworkDLS.com
๐จ CVE-2016-20088
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
๐@cveNotify
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
๐@cveNotify
๐จ CVE-2016-20089
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.
๐@cveNotify
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.
๐@cveNotify
Iperiusremote
Iperius Remote - Support and Remote Desktop software
Free Remote Desktop software for Windows, MAC, iOS, Android. Unlimited remote computers. Remote support for mobile devices. Ideal for technical assistance.
๐จ CVE-2016-20090
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
๐@cveNotify
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
๐@cveNotify
๐จ CVE-2016-20091
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
๐@cveNotify
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.
๐@cveNotify
๐จ CVE-2016-20092
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.
๐@cveNotify
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.
๐@cveNotify
๐จ CVE-2016-20093
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.
๐@cveNotify
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.
๐@cveNotify
Wisecleaner
WiseCleaner Software - Optimize, Clean and Speed Up Your Windows PC
Download free WiseCleaner system utilities for Windows to improve your computer\'s performance and make it run faster.