Unquoted Search Path or Element

Overview Affected versions of this package are vulnerable to Unquoted Search Path or Element via the SunshineService process. An attacker can execute arbitrary code with SYSTEM privileges by placing a malicious executable in a directory path containing spaces, which is interpreted incorrectly by...

Gen Digital CCleaner Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Gen Digital CCleaner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Some interaction on the part of an administrato...

CVE-2025-59307

RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-59307

RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

SourceCodester Online Polling System Code SQL注入漏洞

SourceCodester Online Polling System Code is a SourceCodester open source online polling system. A SQL injection vulnerability exists in SourceCodester Online Polling System Code version 1.0, which stems from improper handling of parameters in the /manage-profile.php file, which can lead to SQL...

CVE-2025-58400

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-58400

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-58400

CVE-2025-58400 affects RATOC RAID Monitoring Manager for Windows by RATOC Systems, Inc. The root cause is an unquoted Windows service path, enabling a user with write access to the system drive root directory to run arbitrary code with SYSTEM privileges. Affected products include RATOC RAID Monit...

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVE-2025-8300

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

PT-2025-35609

Name of the Vulnerable Software and Affected Versions: Realtek RTL8811AU drivers affected versions not specified Description: The Realtek RTL8811AU driver contains a heap-based buffer overflow in the N6CSet DOT11 CIPHER DEFAULT KEY function. This flaw occurs due to insufficient validation of...

CVE-2025-57846

CVE-2025-57846 affects Digital Arts i-フィルター products. Root cause: incorrect default permissions (CWE-276) leading to potential arbitrary code execution. Impact: local authenticated attacker can replace a service executable on the host with SYSTEM privileges. Affected products/versions include: i-...

CVE-2025-57699

The vulnerability CVE-2025-57699 affects Western Digital Kitfox for Windows. The issue is an unquoted file path in a Windows service, enabling a user with write access to the system drive root to execute arbitrary code with SYSTEM privileges. Root cause: unquoted service path. Affected products/v...

JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path

Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...

CVE-2025-8612 AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target...

(Pwn2Own) Microsoft Windows 11 vhdmp Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Virtual Hard...

(Pwn2Own) Microsoft Windows win32kbase Type Confusion Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kbase...

(Pwn2Own) Microsoft Windows Exposed Dangerous Function Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

The vulnerability of the Common Client Real-time Scan service of Trend Micro’s anti-virus software programs, Apex One and Apex One as a Service, allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.

The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software’s Common Client Real-time Scan function is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to enhance their privileges and execute...

PT-2025-30142 · Unknown · Church Donation System

Name of the Vulnerable Software and Affected Versions: Church Donation System version 1.0 Description: A critical vulnerability exists in Church Donation System 1.0. The vulnerability affects unknown code within the /members/offering.php file. Manipulation of the trcode argument results in a SQL...