21818 matches found
PT-2026-7601
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with...
[SECURITY] [DSA 6129-1] munge security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6129-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 10, 2026 https://www.debian.org/security/faq -...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
CVE-2026-21743
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...
PT-2026-7280
Name of the Vulnerable Software and Affected Versions Fortinet FortiAuthenticator versions 6.3 through 6.6.6 Fortinet FortiAuthenticator 6.5 all versions Fortinet FortiAuthenticator 6.4 all versions Description A missing authorization issue in FortiAuthenticator may allow a user with read-only...
CVE-2019-25304 Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\ISS\SecurOS\ to insert malicious code that would execute...
CVE-2019-25302 Acer Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Launch Manager\dsiwmis.exe to insert malicious code...
PT-2026-6743
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:Program Files x86ISSSecurOS to insert malicious code that would execute with...
CVE-2025-33081
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...
CVE-2019-25287
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Lavasoft\Web Companion\Application\ t...
CVE-2025-33081 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...
CVE-2026-0924
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2...
Quick Heal Total Security 安全漏洞
Quick Heal Total Security is a antivirus software developed by the Indian company Quick Heal. Version 23.0.0 of Quick Heal Total Security contains a security vulnerability. This vulnerability stems from insufficient validation of restore paths and improper handling of permissions in the isolation...
CVE-2026-0924
BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2...
PT-2026-5707
Name of the Vulnerable Software and Affected Versions BuhoCleaner version 1.15.2 Description BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This is achieved through insecure functions within the XPC service. Recommendations...
CVE-2020-37055
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access...
CVE-2020-37037
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account...
CVE-2020-37055
CVE-2020-37055 affects SpyHunter 4 via an unquoted service path in the SpyHunter 4 Service, enabling local privilege escalation by placing malicious executables in specific file-system locations that are loaded during service startup. The vulnerability enables arbitrary code execution with elevat...
CVE-2020-37048 Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would ...