CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

548 matches found

Positive Technologies•added 2026/01/13 12:0 a.m.•5 views

PT-2026-2421

Name of the Vulnerable Software and Affected Versions Outline version 1.6.0 Description The software contains an unquoted service path, potentially allowing local attackers to execute arbitrary code with elevated system privileges. Exploitation involves the unquoted service path in the...

8.5CVSS7.5AI score0.00196EPSS

Exploits1References6

Positive Technologies•added 2026/01/13 12:0 a.m.•4 views

PT-2026-2390

Name of the Vulnerable Software and Affected Versions EaseUS Data Recovery version 15.1.0.0 Description EaseUS Data Recovery 15.1.0.0 has an issue with an unquoted service path in the EaseUS UPDATE SERVICE executable. This allows attackers to inject and execute malicious code with elevated...

8.5CVSS7.1AI score0.00179EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 12:38 p.m.•3 views

CVE-2023-50702

Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users and low-privileged users have write access to %PROGRAMDATA%\SSCService. Consequently, low-privileged users can execute arbitrary code as LocalSystem...

8.8CVSS7.8AI score0.0058EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:56 a.m.•4 views

CVE-2022-38777

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

7.8CVSS6.9AI score0.00253EPSS

Exploits0References1

Vulnrichment•added 2025/12/23 7:34 p.m.•4 views

CVE-2021-47739 Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation via Unquoted Service Path

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

8.5CVSS7.2AI score0.00168EPSS

Exploits1References5

EUVD•added 2025/12/23 12:30 a.m.•5 views

EUVD-2022-55752

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges...

8.5CVSS7.3AI score0.00112EPSS

Exploits0References4

Positive Technologies•added 2025/12/23 12:0 a.m.•6 views

PT-2025-52839

Name of the Vulnerable Software and Affected Versions Epic Games Easy Anti-Cheat version 4.0 Description An unquoted service path exists in Epic Games Easy Anti-Cheat 4.0, potentially allowing local non-privileged users to execute arbitrary code with elevated system privileges. An attacker can...

8.5CVSS7.4AI score0.00168EPSS

Exploits1References7

Vulnrichment•added 2025/12/22 9:35 p.m.•2 views

CVE-2022-50690 Wondershare MirrorGo 2.0.11.346 Local Privilege Escalation via Insecure File Permissions

8.5CVSS7.4AI score0.00112EPSS

Exploits0References3

CVE•added 2025/12/22 9:35 p.m.•9 views

CVE-2022-50690

CVE-2022-50690 affects Wondershare MirrorGo 2.0.11.346. The root cause is insecure file permissions on the executable ElevationService.exe, enabling unprivileged local users to replace it with a malicious file and achieve arbitrary code execution with LocalSystem privileges. Impact is local privi...

8.5CVSS7.4AI score0.00112EPSS

Exploits0References3

CVE•added 2025/12/22 9:35 p.m.•8 views

CVE-2022-50688

CVE-2022-50688 concerns Cobian Backup Gravity 11.2.0.582, which is affected by an unquoted service path vulnerability in the CobianBackup11 service. The underlying issue allows a local user to potentially execute arbitrary code with elevated privileges (LocalSystem) during service startup. Exploi...

8.5CVSS7.1AI score0.00125EPSS

Exploits0References3

CVE•added 2025/12/11 9:33 p.m.•7 views

CVE-2024-58288

Genexus Protection Server 9.7.2.10 has an unquoted service path in the protsrvservice Windows service configuration. Exploitation allows arbitrary code execution with LocalSystem privileges by placing malicious executables in specific file system locations. Remediation: quote the service path in ...

8.7CVSS7.5AI score0.00322EPSS

Exploits0References4

EUVD•added 2025/12/04 9:31 p.m.•2 views

EUVD-2025-201266

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

9.3CVSS7.2AI score0.00384EPSS

Exploits1References6

CVE•added 2025/12/04 8:46 p.m.•8 views

CVE-2025-66575

VeeVPN 1.6.1 is affected by an unquoted service path vulnerability in the VeePNService that allows local code execution with SYSTEM privileges during startup/reboot. Exploitation involves providing a malicious service name, enabling command injection and running as LocalSystem. This CVE is docume...

9.3CVSS7.3AI score0.00384EPSS

Exploits1References4Affected Software1

CNNVD•added 2025/12/04 12:0 a.m.•2 views

VeePN 代码问题漏洞

VeePN is a VPN service platform from VeePN Inc. A code issue vulnerability exists in VeePN version 1.6.1, which stems from an unreferenced service path vulnerability in VeePNService that could lead to code execution with LocalSystem privileges upon startup or reboot...

9.3CVSS8.8AI score0.00384EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2006-4645

Malware in sbrugna...

7.2CVSS6.4AI score0.0037EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-21955

Malware in sbrugna...

7.8CVSS7.6AI score0.01129EPSS

Exploits4References4