News & Sicurezza

CVE ID :CVE-2016-20061 Published : April 4, 2026, 2:16 p.m. | 9 hours, 39 minutes ago Description :sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2016-20057 Published : April 4, 2026, 2:16 p.m. | 7 hours, 38 minutes ago Description :NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2016-20060 Published : April 4, 2026, 2:16 p.m. | 9 hours, 39 minutes ago Description :Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2016-20058 Published : April 4, 2026, 2:16 p.m. | 7 hours, 38 minutes ago Description :Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2016-20059 Published : April 4, 2026, 2:16 p.m. | 9 hours, 39 minutes ago Description :IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2016-20056 Published : April 4, 2026, 2:16 p.m. | 7 hours, 39 minutes ago Description :Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

CVE ID :CVE-2016-20053 Published : April 4, 2026, 2:16 p.m. | 5 hours, 38 minutes ago Description :Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2016-20055 Published : April 4, 2026, 2:16 p.m. | 5 hours, 38 minutes ago Description :IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of ac ... Read more Published Date: Apr 04, 2026 (2 days, 16 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35616 CVE-2026-20093 CVE-2026-21643

Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as ... Read more Published Date: Apr 04, 2026 (2 days, 17 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-35616