CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

EUVD-2022-55750

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...

CVE-2023-53965

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute...

CVE-2022-50690

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges...

CVE-2022-50688

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...

CVE-2022-50690 Wondershare MirrorGo 2.0.11.346 Local Privilege Escalation via Insecure File Permissions

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges...

CVE-2022-50688 Cobian Backup Gravity 11.2.0.582 Unquoted Service Path Privilege Escalation

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...

PT-2025-50742

Name of the Vulnerable Software and Affected Versions Genexus Protection Server version 9.7.2.10 Description The Genexus Protection Server software contains a flaw due to an unquoted service path in the configuration of the protsrvservice Windows service. This allows attackers to potentially...

CVE-2025-66575

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

CVE-2025-66575

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

CVE-2025-66575 VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

CVE-2025-66575 VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

PT-2025-49151

Name of the Vulnerable Software and Affected Versions VeeVPN version 1.6.1 Description VeeVPN version 1.6.1 has an issue with an unquoted service path in the VeePNService. This allows remote attackers to potentially run code when the system starts or restarts, gaining higher privileges. An attack...

CVE-2025-20774

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796...

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

CVE-2025-13051

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...

CVE-2025-13051

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...

CVE-2025-13051 Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...

CVE-2025-13051 Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...

CVE-2025-13051

CVE-2025-13051 affects ABP (2.0–2.0.7.9050) and AES (1.0–1.0.6.8290). The vulnerability arises when the service runs from a directory writable by non-admin users, allowing an attacker to replace or plant a DLL with the same name as one loaded by the service. On service restart, the malicious DLL ...