68 matches found
CVE-2026-22807
vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...
CVE-2021-47880
Realtek Wireless LAN Utility 700.1631 is affected by an unquoted service path vulnerability in the Realtek11nSU service, enabling local users to execute code with elevated privileges during startup or reboot. Root cause: unquoted service path. Impact: local privilege escalation with high confiden...
EUVD-2026-3619
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...
CVE-2021-47867
The CVE-2021-47867 entry applies to WIN-PACK PRO 4.8, affecting the ScheduleService through an unquoted service path vulnerability. The unquoted path “C:\Program Files \WINPAKPRO\ScheduleService Service.exe” can allow a local attacker to inject code that executes with elevated privileges during s...
GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization
Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...
PT-2026-3830
eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute...
CVE-2021-47828
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot...
CVE-2021-47825 Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem...
PT-2026-2396
Name of the Vulnerable Software and Affected Versions Sandboxie-Plus version 5.50.2 Description Sandboxie-Plus version 5.50.2 has an issue with an unquoted service path in the SbieSvc Windows service. This could allow local attackers to execute arbitrary code. The issue involves the potential to...
PT-2025-54255
Name of the Vulnerable Software and Affected Versions Tosibox Key Service version 3.3.0 Description The software contains an unquoted service path issue. This allows local, non-privileged users to potentially execute code with elevated system privileges. Exploitation involves manipulating the...
CVE-2022-50688 Cobian Backup Gravity 11.2.0.582 Unquoted Service Path Privilege Escalation
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute...
CVE-2025-65829
The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
EUVD-2025-201266
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...
CVE-2025-35968
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
PT-2025-46197
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...
CVE-2025-57521
Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...
CVE-2025-57521
Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...
CVE-2025-59041
Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...
CVE-2024-35802
A flaw was found in the Linux kernel. Incorrect position-dependent variable references in the startup code may lead to a crash...
CVE-2024-35802
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...