CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

122 matches found

Positive Technologies•added 2026/01/30 12:0 a.m.•4 views

PT-2026-5420

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS

Exploits0References4

NVD•added 2026/01/21 6:16 p.m.•6 views

CVE-2021-47880

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during...

8.5CVSS0.00127EPSS

Exploits0References3

CVE•added 2026/01/21 5:27 p.m.•14 views

CVE-2021-47880

Realtek Wireless LAN Utility 700.1631 is affected by an unquoted service path vulnerability in the Realtek11nSU service, enabling local users to execute code with elevated privileges during startup or reboot. Root cause: unquoted service path. Impact: local privilege escalation with high confiden...

8.5CVSS5.7AI score0.00127EPSS

Exploits0References3

Positive Technologies•added 2026/01/21 12:0 a.m.•4 views

PT-2026-3832

8.5CVSS5.7AI score0.00127EPSS

Exploits0References4

Packet Storm•added 2026/01/16 12:0 a.m.•165 views

📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...

9.3CVSS7.9AI score0.01457EPSS

Exploits2

Cvelist•added 2026/01/07 11:9 p.m.•30 views

CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...

8.5CVSS0.00133EPSS

Exploits1References5

CVE•added 2026/01/07 11:9 p.m.•9 views

CVE-2019-25231

Summary of CVE-2019-25231 (Devolo dLAN Cockpit 4.3.1) : The unquoted service path vulnerability affects the DevoloNetworkService in devolo dLAN Cockpit 4.3.1, allowing local, non-privileged users to potentially execute arbitrary code by placing malicious code in the system root path. This could e...

8.5CVSS7AI score0.00133EPSS

Exploits1References5

Vulnrichment•added 2025/12/30 10:41 p.m.•2 views

CVE-2024-58315 Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorize...

8.5CVSS7.2AI score0.00197EPSS

Exploits2References4

NVD•added 2025/12/23 8:15 p.m.•3 views

CVE-2021-47739

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

8.5CVSS0.00168EPSS

Exploits1References5

CVE•added 2025/12/22 9:35 p.m.•10 views

CVE-2023-53965

CVE-2023-53965 concerns SOUND4 Server Service 4.1.102 with an unquoted service path. The unquoted binary path could be exploited by a local, non-privileged user to execute code with elevated (LocalSystem) privileges during service startup by placing a malicious binary in the system root. Document...

8.6CVSS6.7AI score0.00203EPSS

Exploits2References4Affected Software1

CNNVD•added 2025/12/02 12:0 a.m.•3 views

Entrust nShield Connect XC 安全漏洞

Entrust nShield Connect XC is a network-connected hardware security module from Entrust, Inc. A security vulnerability exists in the Entrust nShield Connect XC that originates from a user with OS root privileges being able to make unauthenticated modifications to the Chassis Management Board...

9.8CVSS6.8AI score0.00537EPSS

Exploits1References4

EUVD•added 2025/11/25 6:0 p.m.•3 views

EUVD-2025-199615

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure...

3.3CVSS6AI score0.00113EPSS

Exploits0References3

EUVD•added 2025/11/25 5:59 p.m.•3 views

EUVD-2025-199620

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure...

5.7CVSS6AI score0.00088EPSS

Exploits0References3

Positive Technologies•added 2025/11/25 12:0 a.m.•3 views

PT-2025-48048

Name of the Vulnerable Software and Affected Versions NVIDIA DGX Spark GB10 Description The NVIDIA DGX Spark GB10 contains a flaw in the SROOT component. An attacker with privileged access could potentially gain access to System on a Chip SoC protected areas. A successful exploit may lead to code...

9.3CVSS7.2AI score0.00149EPSS

Exploits0References22

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2002-1168

Malware in sbrugna...

4.6CVSS6.4AI score0.01898EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-0240

Malware in sbrugna...

5CVSS8.3AI score0.00721EPSS

Exploits0References3