Lucene search
K

62 matches found

NVD
NVD
added 2026/06/19 3:16 p.m.14 views

CVE-2016-20092

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.12 views

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2016-20089

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

8.5CVSS0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 2:16 p.m.18 views

CVE-2020-37252

CVE-2020-37252 describes an unquoted service path vulnerability in Realtek Audio Service 1.0.0.55, specifically in RtkAudioService64.exe. The root cause is the unquoted service path, enabling local attackers to escalate privileges by placing a malicious executable in the unquoted directory, which...

8.5CVSS6.2AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.29 views

CVE-2020-37250 TFTP Broadband 4.3.0.1465 Unquoted Service Path Privilege Escalation

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...

8.5CVSS0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2016-10907

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

8.5CVSS6.2AI score0.00181EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50912

Name of the Vulnerable Software and Affected Versions AnyDesk version 2.5.0 Description An unquoted service path issue exists in the service installation, allowing local users to execute arbitrary code with SYSTEM privileges. This occurs when a service path contains spaces and is not enclosed in...

8.5CVSS6.2AI score0.00181EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50907

Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...

8.5CVSS6.1AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50910

Name of the Vulnerable Software and Affected Versions NetDrive version 2.6.12 Description An unquoted service path issue exists in the Netdrive2 Service Netdrive2 service. This allows local users to execute arbitrary code with SYSTEM privileges by placing malicious executables in the system root...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/06 6:13 a.m.24 views

Malicious code in mflux-streamlit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9924feddaacd4b86934ddc7bdf8ff498921a80b34bf99a9136baa592fcc504b6 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6AI score
Exploits0References7
NVD
NVD
added 2026/05/16 4:16 p.m.14 views

CVE-2020-37232

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

8.5CVSS0.00116EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.6 views

CVE-2020-37232

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

8.5CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.5 views

CVE-2026-31251

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...

6.1AI score0.00218EPSS
Exploits0References3
Metasploit
Metasploit
added 2026/05/08 6:56 p.m.354 views

VIM Plugin Persistence

This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit/linux/persistence/vimplugin msf exploitvimplugin show targets ...targets... msf exploitvimplugin set TARGET msf exploitvimplugin show options ...show and set options... msf exploitvimplugin...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/10 7:26 p.m.3 views

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/10 7:26 p.m.4 views

GHSA-2G3W-CPC4-CHR4 PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 4:46 p.m.22 views

CVE-2026-40156

PraisonAI before 4.5.128 loads a file named tools.py from the CWD using importlib, executing module-level code without explicit consent, validation, or sandboxing. Merely having tools.py in the working directory triggers code execution, bypassing configuration references. This creates a local, im...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References1Affected Software1
Schneier on Security
Schneier on Security
added 2026/04/08 10:25 a.m.8 views

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file litellminit.pth, 34,628 bytes which is automatically executed by the Python interpreter on every startup, without...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/07 6:11 p.m.4 views

GHSA-42MX-VP8M-J7QH OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Summary OpenShell mirror mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped = 2026.3.28 - First stable tag...

7.3CVSS5.8AI score0.00123EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.26 views

LiteLLM 1.82.7 / 1.82.8 Supply Chain Compromise (GHSA-5mg7-485q-xm76)

The version of the LiteLLM Python package installed on the remote host is 1.82.7 or 1.82.8. These versions were published to PyPI by a threat actor known as TeamPCP using compromised maintainer credentials obtained through the Aqua Security Trivy supply chain attack. The malicious releases contai...

9.4CVSS7.7AI score0.60368EPSS
Exploits2References4
Rows per page
Query Builder