4523 matches found

Japan Vulnerability Notes
added 2026/03/04 1:40 a.m., 2 views

Canon IJ Scan Utility registers Windows services with unquoted file paths

Overview: IJ Scan Utility provided by Canon Inc. contains the following vulnerability: Unquoted search path or element (CWE-428), CVE-2026-1585. Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: A user may execute arbitrary code with SYSTEM...

8.4 CVSS, 7.5 AI score, 0.00119 EPSS
Exploits 0, References 6

RedhatCVE
added 2026/02/25 4:6 a.m., 4 views

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device...

8.8 CVSS, 5.8 AI score, 0.01342 EPSS
Exploits 0, References 1

NVD
added 2026/02/19 11:15 a.m., 4 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8 CVSS, 0.00441 EPSS
Exploits 0, References 1

CVE
added 2026/02/19 10:53 a.m., 14 views

CVE-2025-15561

CVE-2025-15561 concerns the WorkTime monitoring daemon. An attacker can escalate local privileges to NT AUTHORITY\SYSTEM by placing a malicious WTWatch.exe into C:\ProgramData\wta\ClientExe (writable by Everyone); the daemon then executes it with SYSTEM privileges due to its update behavior. Affe...

7.8 CVSS, 5.6 AI score, 0.00104 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2026/02/19 10:45 a.m., 11 views

CVE-2025-15559

Summary: CVE-2025-15559 affects NesterSoft WorkTime. An unauthenticated OS command injection in the server API endpoint used to generate/download the WorkTime client (parameter: “guid”) allows execution of arbitrary commands on the WorkTime server with NT AUTHORITY\SYSTEM privileges, potentially ...

9.8 CVSS, 6.1 AI score, 0.00441 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2026/02/10 10:15 a.m., 9 views

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...

8.5 CVSS, 0.00238 EPSS
Exploits 0, References 1

Cvelist
added 2026/02/10 9:58 a.m., 25 views

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...

8.5 CVSS, 0.00238 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/10 12:0 a.m., 3 views

Siemens SINEC NMS and Siemens User Management Component code issue vulnerability

Siemens SINEC NMS and Siemens User Management Component are both products of Siemens, a German company. Siemens SINEC NMS is a network management system that can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks with tens of thousands of...

8.5 CVSS, 7.4 AI score, 0.00238 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/02/09 6:59 a.m., 4 views

CVE-2026-24466

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS, 6 AI score, 0.00137 EPSS
Exploits 0, References 6

RedhatCVE
added 2026/02/04 7:28 p.m., 2 views

CVE-2025-52626

A potential command injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0...

9.8 CVSS, 5.5 AI score, 0.00583 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/01/30 10:7 p.m., 4 views

CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8 CVSS, 6.6 AI score, 0.0104 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2026/01/30 10:7 p.m., 25 views

CVE-2020-37032 Wing FTP Server 6.3.8 - Remote Code Execution

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

8.8 CVSS, 0.0104 EPSS
Exploits 1, References 3

Positive Technologies
added 2026/01/26 12:0 a.m., 3 views

PT-2026-4744

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...

8.4 CVSS, 5.8 AI score, 0.00169 EPSS
Exploits 0, References 4

Cvelist
added 2026/01/25 2:0 p.m., 39 views

CVE-2020-36934 Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path

Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject...

8.5 CVSS, 0.00152 EPSS
Exploits 0, References 4

CVE
added 2026/01/21 5:27 p.m., 7 views

CVE-2021-47868

CVE-2021-47868 affects WIN-PACK PRO 4.8. The WPCommandFileService has an unquoted service path vulnerability that could allow a local attacker to execute code with LocalSystem privileges by exploiting the unquoted path in the service executable (C:\Program Files (x86)\WINPAKPRO\WPCommandFileServi...

8.5 CVSS, 5.7 AI score, 0.00127 EPSS
Exploits 0, References 3

OSV
added 2026/01/12 10:52 p.m., 4 views

CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI

OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...

9.4 CVSS, 6.9 AI score, 0.00914 EPSS
Exploits 1, References 3

RedhatCVE
added 2026/01/09 12:29 p.m., 4 views

CVE-2023-40654

In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

6.7 CVSS, 7.1 AI score, 0.00083 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/09 12:14 p.m., 7 views

CVE-2018-9399

In /proc/driver/wmtdbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 7.1 AI score, 0.00084 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/09 12:13 p.m., 7 views

CVE-2018-9396

In rpcmsghandler and related handlers of drivers/misc/mediatek/eccci/portrpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 7.2 AI score, 0.00084 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/09 12:12 p.m., 3 views

CVE-2018-9383

In asn1berdecoder of asn1decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

4.4 CVSS, 6.1 AI score, 0.00105 EPSS
Exploits 0, References 1