58 matches found
CVE-2026-33130
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh does not fully prevent Server-side Template Injection (SSTI). The three mitigations added to the Liquid engine (root, relativeReference, dynamicPartials) only block...
CVE-2026-33253
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-33253
SANUPS SOFTWARE (SANYO DENKI CO., LTD.) exposes a Windows service registration with an unquoted executable path. According to the description, a user with write access to the system drive root can trigger arbitrary code execution with SYSTEM privileges via a local privilege escalation. The connec...
PT-2026-27639
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
Wondershare Application Framework Service code issue vulnerability
Wondershare Application Framework Service is a backend infrastructure service component developed by Wondershare Technology. Version 2.4.3.231 of Wondershare Application Framework Service contains a code vulnerability. This vulnerability stems from service paths that lack quotation marks, which m...
Flexense Dup Scout security vulnerabilities
Flexense Dup Scout is a file cleanup tool developed by Flexense Corporation. Version 13.5.28 of Flexense Dup Scout contains a security vulnerability. This vulnerability stems from the Windows service configuration, where service paths are defined without quotes, potentially allowing for the...
BootPlus code issues and vulnerabilities
BootPlus is a permission management framework developed by JoeyBling. The BOOTP Turbo 2.0.0.1253 version has code vulnerabilities; these vulnerabilities stem from service path configurations in Windows services that lack quotation marks, potentially allowing arbitrary code to be executed...
Acer ePowerSvc code issue vulnerability
Acer ePowerSvc is a power management backend service provided by Acer, a company based in Taiwan, China. Version 6.0.3008.0 of Acer ePowerSvc contains a code vulnerability. This vulnerability stems from service configuration paths that lack quotes, which may lead to privilege escalation...
Weird Solutions DHCP Broadband Code Issues and Vulnerabilities
Weird Solutions DHCP Broadband is an IP address management software developed by Weird Solutions Corporation. Version 4.1.0.1503 of Weird Solutions DHCP Broadband contains a code vulnerability caused by service configurations that include service paths without quotes, which may lead to privilege...
MadeForNet HTTP Debugger Pro code issues and vulnerabilities
MadeForNet HTTP Debugger Pro is an HTTP/HTTPS protocol packet capture and analysis tool developed by the American company MadeForNet. Version 9.11 of MadeForNet HTTP Debugger Pro contains a code vulnerability. This vulnerability stems from binary paths in service configurations that lack quotatio...
Private Internet Access code issue vulnerability
Private Internet Access (PIA) is a VPN software from Private Internet Access, Inc. A code issue vulnerability exists in Private Internet Access (PIA) version 3.3, which stems from the presence of unquoted paths in the service configuration that could lead to the execution of arbitrary code by a local...
Emerson PAC Machine Edition code issue vulnerability
Emerson PAC Machine Edition is a development environment software from Emerson USA. A code issue vulnerability exists in Emerson PAC Machine Edition version 9.80, which stems from the presence of unquoted service paths to the TrapiServer service, which could lead to code execution by a local user...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
CVE-2025-66461
FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed...
PT-2025-49543
FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...