CVE-2022-50902 Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path

Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\FamiSafe\ to inject malicious code that would run wit...

EUVD-2026-2091

Malicious website can execute commands on the local system through XSS in the OpenCode web UI...

PT-2026-2399

Name of the Vulnerable Software and Affected Versions Cobian Backup version 0.9 Description A local user can execute arbitrary code with elevated system privileges. This is due to an unquoted service path in the CobianReflectorService, allowing attackers to inject malicious code that executes wit...

PT-2026-2377

Name of the Vulnerable Software and Affected Versions Wondershare Dr.Fone version 11.4.9 Description Wondershare Dr.Fone version 11.4.9 has an issue with an unquoted service path in the DFWSIDService. This could allow local users to potentially run arbitrary code. The unquoted path is located at...

PT-2026-2396

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus version 5.50.2 Description Sandboxie-Plus version 5.50.2 has an issue with an unquoted service path in the SbieSvc Windows service. This could allow local attackers to execute arbitrary code. The issue involves the potential to...

EaseUS Data Recovery 代码问题漏洞

EaseUS Data Recovery is a data recovery software from EaseUS. A code issue vulnerability exists in EaseUS Data Recovery version 15.1.0.0, which stems from the unquoted path to the EaseUS UPDATE SERVICE executable service, which could lead to an attacker injecting and executing malicious code and...

CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...

CVE-2020-7527

Incorrect Default Permission vulnerability exists in SoMove V2.8.1 and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched...

Exploit for Improper Access Control in Microsoft

CVE-2025-47962-POC Reproduction process： i686-w64-mingw32-gcc...

CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

EUVD-2022-55750

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...

CVE-2023-53965

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute...

CVE-2022-50688

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...

CVE-2022-50690

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges...

CVE-2022-50690 Wondershare MirrorGo 2.0.11.346 Local Privilege Escalation via Insecure File Permissions

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges...

CVE-2022-50688 Cobian Backup Gravity 11.2.0.582 Unquoted Service Path Privilege Escalation

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...

PT-2025-50742

Name of the Vulnerable Software and Affected Versions Genexus Protection Server version 9.7.2.10 Description The Genexus Protection Server software contains a flaw due to an unquoted service path in the configuration of the protsrvservice Windows service. This allows attackers to potentially...

CVE-2025-66575

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...