CVE-2022-50938 CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system...

CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...

CVE-2022-50923 Cobian Backup 0.9 - Unquoted Service Path

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions...

CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durin...

CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durin...

CVE-2022-50918

The CVE concerns VIVE Runtime Service 1.0.0.4, where an unquoted service path enables local users to run arbitrary code with elevated privileges during service startup. Attackers could place a malicious executable in affected directories to gain LocalSystem access. The vulnerability is local in s...

CVE-2022-50914

CVE-2022-50914 affects EaseUS Data Recovery 15.1.0.0 with an unquoted path in the EaseUS UPDATE SERVICE executable, enabling local privilege escalation to LocalSystem. The connected documents confirm the issue and impact, but do not provide a patch/version fix or explicit exploitation details.

CVE-2022-50914 EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

CVE-2022-50901 Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that woul...

CVE-2022-50902 Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path

Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\FamiSafe\ to inject malicious code that would run wit...

EUVD-2026-2091

Malicious website can execute commands on the local system through XSS in the OpenCode web UI...

PT-2026-2399

Name of the Vulnerable Software and Affected Versions Cobian Backup version 0.9 Description A local user can execute arbitrary code with elevated system privileges. This is due to an unquoted service path in the CobianReflectorService, allowing attackers to inject malicious code that executes wit...

PT-2026-2377

Name of the Vulnerable Software and Affected Versions Wondershare Dr.Fone version 11.4.9 Description Wondershare Dr.Fone version 11.4.9 has an issue with an unquoted service path in the DFWSIDService. This could allow local users to potentially run arbitrary code. The unquoted path is located at...

PT-2026-2396

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus version 5.50.2 Description Sandboxie-Plus version 5.50.2 has an issue with an unquoted service path in the SbieSvc Windows service. This could allow local attackers to execute arbitrary code. The issue involves the potential to...

EaseUS Data Recovery 代码问题漏洞

EaseUS Data Recovery is a data recovery software from EaseUS. A code issue vulnerability exists in EaseUS Data Recovery version 15.1.0.0, which stems from the unquoted path to the EaseUS UPDATE SERVICE executable service, which could lead to an attacker injecting and executing malicious code and...

CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...

CVE-2020-7527

Incorrect Default Permission vulnerability exists in SoMove V2.8.1 and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched...

Exploit for Improper Access Control in Microsoft

CVE-2025-47962-POC Reproduction process： i686-w64-mingw32-gcc...

CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...