4292 matches found
CVE-2022-50928
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject...
CVE-2022-50917
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated...
CVE-2022-50808
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system...
CVE-2022-50693
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Splashtop\Splashtop Software Updater\ to inject...
CVE-2026-20971
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code...
CVE-2023-53984 HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing...
CVE-2022-50933
CVE-2022-50933 affects Cain & Abel 4.9.56 via an unquoted service path that can allow a local attacker to execute arbitrary code with LocalSystem privileges. The vulnerability stems from an unquoted binary path used to launch the service, enabling local exploitation with SYSTEM rights and potenti...
CVE-2022-50929
CVE-2022-50929 affects Connectify Hotspot 2018, where the unquoted service path of the ConnectifyService.exe at C:\Program Files (x86)\Connectify\ConnectifyService.exe enables a local attacker to potentially inject a malicious executable and escalate privileges. The issue is triggered by an unquo...
CVE-2022-50928 Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject...
CVE-2022-50921 WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during...
CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durin...
CVE-2022-50693 Splashtop 8.71.12001.0 - Unquoted Service Path
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Splashtop\Splashtop Software Updater\ to inject...
GHSA-C83V-7274-4VGP Malicious website can execute commands on the local system through XSS in the OpenCode web UI
Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...
CVE-2026-21219
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
CVE-2026-21219
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...
CVE-2026-20956
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-20953
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2026-20957
Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-20955
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2026-20953
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...