Lucene search
K

331 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/10 12:44 p.m.15 views

CVE-2021-47945

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

8.5CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:34 p.m.6 views

CVE-2026-34596

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

5.4CVSS5.7AI score0.00106EPSS
Exploits1References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 8:23 p.m.8 views

Malicious code in rostilesolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
EUVD
EUVD
added 2026/05/01 5:53 p.m.7 views

EUVD-2026-26702

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range shlink field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p , pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4CVSS5.8AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 9:46 a.m.5 views

CVE-2026-7280

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts...

8.4CVSS6.2AI score0.00119EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/21 6:16 p.m.5 views

CVE-2026-5789

A flaw was found in CivetWeb. This vulnerability, related to an unquoted search path, allows a local attacker to execute arbitrary code with elevated privileges. By placing a malicious executable in a directory that is scanned before the legitimate CivetWeb application path, an attacker can explo...

8.5CVSS6.1AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 2:22 p.m.37 views

CVE-2026-5789 Search path without quotes in CivetWeb

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

8.5CVSS0.00139EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/04 10:24 p.m.11 views

Malicious code in databaserobooms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 193ce4e29885d967183910228ce00d02b4380d25ff1a9b342b1fb5b4c124e3ca During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
NVD
NVD
added 2026/04/04 2:16 p.m.5 views

CVE-2016-20061

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...

8.5CVSS0.00123EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/04 1:51 p.m.2 views

CVE-2016-20057

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

8.5CVSS6.1AI score0.00606EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/04 1:51 p.m.23 views

CVE-2016-20057 NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart ...

8.5CVSS0.00606EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.8 views

PT-2026-30356

IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the...

8.5CVSS6AI score0.00176EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.4 views

PT-2026-30352

IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts...

8.5CVSS6AI score0.00176EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.4 views

PT-2026-30358

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...

8.5CVSS6.1AI score0.00123EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/30 8:21 p.m.8 views

Malicious code in databaseroboats (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score
Exploits0References9
NVD
NVD
added 2026/03/26 9:17 p.m.4 views

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

6.3CVSS0.00408EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

6.3CVSS7AI score0.58204EPSS
Exploits9References6
AlpineLinux
AlpineLinux
added 2026/03/26 8:6 p.m.1 views

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

6.3CVSS6.9AI score0.00408EPSS
Exploits0
EUVD
EUVD
added 2026/03/26 12:30 p.m.3 views

EUVD-2025-209046

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

8.7CVSS6.1AI score0.00613EPSS
Exploits0References2
CVE
CVE
added 2026/03/26 12:20 p.m.6 views

CVE-2025-41359

The CVE-2025-41359 vulnerability affects Small HTTP Server 3.06.36, due to an unquoted service path for the executable at C:\Program Files (x86)\shttps_mg\http.exe. This misconfiguration enables a local attacker to place a higher-priority malicious executable with the same name, causing the servi...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder