2602 matches found
CVE-2020-37058 Andrea ST Filters Service 1.0.64.7 - Unquoted service path
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup...
CVE-2020-37017
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with...
CVE-2025-57795
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution...
CVE-2020-36979 Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path
Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup...
EUVD-2026-4636
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...
CVE-2020-36936 Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path...
PT-2026-4514
Name of the Vulnerable Software and Affected Versions Epson USB Display version 1.6.0.0 Description The software contains an unquoted service path vulnerability within the EMP UDSA service, which operates with LocalSystem privileges. This allows attackers to potentially gain elevated system acces...
EUVD-2026-3612
Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem...
PT-2026-3836
Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:Program Files x86PingzapperPZService.exe' to inject malicious executables and escalate...
Linux Distros Unpatched Vulnerability : CVE-2025-10569
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed...
Oracle Hyperion security vulnerabilities
Oracle Hyperion is a financial modeling application developed by Oracle Corporation in the United States. This software provides functions such as financial settlement and report generation. A security vulnerability exists in the Oracle Planning and Budgeting Cloud Service version 25.04.07 of...
PT-2026-3672
Name of the Vulnerable Software and Affected Versions Oracle Planning and Budgeting Cloud Service versions 25.04.07 Description A flaw exists in the Oracle Planning and Budgeting Cloud Service, specifically within the EPM Agent component. A highly privileged attacker with access to the system can...
MiracleLinux 8 : python-setuptools-39.2.0-6.el8.1 (AXSA:2023-5166:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5166:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 Tenable has extracted the preceding description block directly...
MiracleLinux 7 : ntp-4.2.6p5-25.1.0.1.el7.AXS7 (AXSA:2017-1296:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1296:01 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...
Security Bulletin: Remediation of Multiple Apache Struts 1.3.10 Vulnerabilities in IBM Library Support for Struts
Summary Multiple EOL Apache Struts 1.3.10 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-54656 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Strut...
CVE-2021-47809
Disk Sorter Enterprise 13.6.12 is affected by an unquoted service path vulnerability in its Windows service configuration. The issue arises from the unquoted path 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe', which could allow a local attacker to inject a malicious executable and esc...
CVE-2026-22809 tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...
CVE-2026-20875
Null pointer dereference in Windows Local Security Authority Subsystem Service LSASS allows an unauthorized attacker to deny service over a network...
CVE-2026-20835 Capability Access Management Service (camsvc) Information Disclosure Vulnerability
...
CVE-2026-20835 Capability Access Management Service (camsvc) Information Disclosure Vulnerability
...