CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 4 hours ago•3 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

5.8AI score0.0014EPSS

Exploits0References6

RedHat Linux•added 4 hours ago•4 views

kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation

A flaw was found in the Linux kernel's AMD display component. This vulnerability arises from incorrect validation of display mode changes during Display Stream Compression DSC processing. A local attacker could exploit this by initiating specific display configuration changes, which may lead to a...

7.8CVSS5.8AI score0.00126EPSS

RedHat Linux•added 4 hours ago•2 views

kernel: net/sched: act_pedit: extend the writable skb range per key

5.8AI score0.0014EPSS

Exploits0References6

RedHat Linux•added 4 hours ago•3 views

kernel: net/sched: act_pedit: extend the writable skb range per key

5.8AI score0.0014EPSS

Exploits0References6

RedHat Linux•added 4 hours ago•3 views

kernel: RDMA/mana: Validate rx_hash_key_len

A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...

7.8CVSS5.8AI score0.00138EPSS

RedHat Linux•added 4 hours ago•2 views

kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation

7.8CVSS5.8AI score0.00126EPSS

CVE-2023-54353

Chromacam 4.0.3.0 is affected by an unquoted service path vulnerability in the PsyFrameGrabberService. An attacker with write access to C:\ or subdirectories such as C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe in an unquoted path. When the ser...

CVE•added 7 hours ago•7 views

CVE-2025-71326

AVAST Antivirus 25.11 contains an unquoted service path in the SecureLine service, enabling local non-privileged users to execute code with SYSTEM privileges. The vulnerability affects the service configuration’s binary path and can lead to high impact on confidentiality, integrity, and availabil...

CVE-2022-50971

Malwarebytes 4.5 is affected by an unquoted service path privilege escalation in the MBAMService executable. The vulnerability allows local attackers to escalate privileges by placing executables in unquoted system root path directories that are executed with LocalSystem privileges during service...

EUVD•added 7 hours ago•5 views

EUVD-2022-56007

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem...

CVE-2021-47985

Summary: CVE-2021-47985 affects Brother SAPSprint 7.60 and is an unquoted service path vulnerability in the SAPSprint service binary, enabling local privilege escalation. An attacker can drop a malicious executable in the Program Files path to run with LocalSystem privileges when the service star...

CVE-2020-37254

Wondershare PDFelement 5.2.9 is affected by a privilege escalation due to an unquoted service path in the WsAppService Windows service. Local attackers could place a malicious executable in the service path and gain code execution with LocalSystem privileges when the service restarts or the syste...

EUVD-2021-34851

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

EUVD-2020-31255

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

CVE•added 7 hours ago•6 views

CVE-2020-37253

The CVE pertains to Winstep 18.06.0096, where the Winstep Xtreme Service has an unquoted service path vulnerability. This allows a local attacker to escalate privileges by placing a malicious executable in Program Files that is executed with LocalSystem privileges when the service starts. Affecte...

Exploits0References2

EUVD-2020-31254

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts...

CVE•added 7 hours ago•4 views

Exploits0References2

CVE-2020-37251

CVE-2020-37251 concerns RealTimes Desktop Service 18.1.4, where an unquoted service path in rpdsvc.exe allows local privilege escalation to LocalSystem during service startup or reboot. The vulnerability origin is a mislocated executable path, enabling a malicious file placed in unquoted path dir...

CVE•added 7 hours ago•6 views

CVE-2020-37252

CVE-2020-37252 describes an unquoted service path vulnerability in Realtek Audio Service 1.0.0.55, specifically in RtkAudioService64.exe. The root cause is the unquoted service path, enabling local attackers to escalate privileges by placing a malicious executable in the unquoted directory, which...

EUVD-2020-31252

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...