Lucene search
K

943 matches found

Cvelist
Cvelist
added 2026/02/06 4:41 p.m.29 views

CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory...

8.5CVSS0.00129EPSS
Exploits0References4
CVE
CVE
added 2026/02/06 4:41 p.m.15 views

CVE-2019-25266

Wundersoft Wondershare Application Framework Service 2.4.3.231 is affected by an unquoted service path vulnerability that can let local attackers execute arbitrary code with elevated privileges by placing a malicious executable in specific directories to hijack the service’s execution context. Af...

8.5CVSS6.1AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.12 views

PT-2026-6733

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory...

8.5CVSS6.2AI score0.00129EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/05 3:7 a.m.32 views

CVE-2025-10314 Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files EXE or DLLs in the installation directory with specially...

8.8CVSS0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.13 views

PT-2026-5870

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 Description A flaw exists in default permissions within the software that could allow a local attacker to execute code with system privileges. This is...

8.8CVSS5.6AI score0.00148EPSS
Exploits0References8
CVE
CVE
added 2026/02/04 11:17 p.m.10 views

CVE-2019-25283

CVE-2019-25283 affects Shrew Soft VPN Client 2.2.2. The vulnerability is an unquoted service path that allows local attackers to execute arbitrary code with elevated privileges during service startup or system reboot. The root cause is the unquoted service path, enabling code execution if a malic...

8.5CVSS5.9AI score0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/02/03 3:16 p.m.6 views

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

8.5CVSS0.00187EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/03 2:49 p.m.3 views

CVE-2019-25261 AnyDesk 5.4.0 - Unquoted Service Path

AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...

8.5CVSS5.4AI score0.00164EPSS
Exploits1References3
CVE
CVE
added 2026/02/03 2:49 p.m.18 views

CVE-2019-25261

AnyDesk 5.4.0 on Windows is affected by an unquoted service path vulnerability in its Windows service configuration. The unquoted binary path allows a local attacker to place a malicious executable in a service executable location, potentially enabling elevated privileges. The information provide...

8.5CVSS5.4AI score0.00164EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/03 2:49 p.m.27 views

CVE-2019-25261 AnyDesk 5.4.0 - Unquoted Service Path

AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...

8.5CVSS0.00164EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/03 5:57 a.m.5 views

Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows

Overview Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this...

8.8CVSS6.3AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-5798

AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining...

8.5CVSS5.5AI score0.00164EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.22 views

PT-2026-5847

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...

8.5CVSS6AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.11 views

PT-2026-5849

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

8.5CVSS6AI score0.00187EPSS
Exploits1References3
NVD
NVD
added 2026/02/01 3:16 p.m.8 views

CVE-2020-37063

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSyst...

8.5CVSS0.00119EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/01 2:38 p.m.3 views

CVE-2020-37062

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts...

8.5CVSS6.2AI score0.0015EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/01 2:38 p.m.27 views

CVE-2020-37055 SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access...

8.5CVSS0.0015EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/30 4:16 p.m.5 views

EUVD-2020-30955

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/28 8:25 p.m.3 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...

6.3CVSS5.8AI score0.00201EPSS
Exploits1References5
NVD
NVD
added 2026/01/28 1:15 p.m.10 views

CVE-2020-36991

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain...

8.5CVSS0.0016EPSS
Exploits0References3
Rows per page
Query Builder