CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durin...
CVE-2022-50920
CVE-2022-50920 concerns Sandboxie-Plus 5.50.2, where an unquoted service path in the Windows SbieSvc service allows a local attacker to potentially execute arbitrary code by injecting a binary that runs with LocalSystem privileges at service startup. The entry’s metrics show high impact (C/H/I/A)...
CVE-2022-50918 VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access...
CVE-2022-50918
The CVE concerns VIVE Runtime Service 1.0.0.4, where an unquoted service path enables local users to run arbitrary code with elevated privileges during service startup. Attackers could place a malicious executable in affected directories to gain LocalSystem access. The vulnerability is local in s...
CVE-2022-50915
CVE-2022-50915 concerns PTPublisher 2.3.4, where the PTProtect service exposes an unquoted service path: C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe. This unquoted path creates a potential local privilege escalation by allowing an attacker to substitute a malic...
CVE-2022-50912 ImpressCMS 1.4.4 - Unrestricted File Upload
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions (.php2, .php6, .php7, .phps, .pht) to execute arbitrary PHP code on the serv...
CVE-2022-50900 Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during...
CVE-2022-50693
Affected software: Splashtop 8.71.12001.0. Vulnerability: unquoted service path in the Splashtop Software Updater Service, allowing local attackers to inject malicious executables and escalate privileges via the unquoted path at C:\Program Files (x86)\Splashtop\Splashtop Software Updater. Root ca...
CVE-2026-0824
A flaw was found in QuestDB UI. A remote attacker could exploit a cross-site scripting (XSS) vulnerability by manipulating the Web Console component. This could allow the attacker to inject malicious scripts into web pages, potentially leading to information disclosure or arbitrary code execution i...
GHSA-7VP9-X248-9VR9 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Problem: Local platform users who can write to TYPO3’s mail-file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...
CVE-2026-22869
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...
CVE-2026-22869 Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow .github/workflows/ci.yml allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with checkout of untrusted PR...
CVE-2026-22869
Eigent’s CVE-2026-22869 affects its CI workflow (.github/workflows/ci.yml) used in the Eigent multi‑agent Workforce. The vulnerability arises from using the pull_request_target trigger in combination with checking out untrusted PR code, enabling arbitrary code execution from fork pull requests wi...
GHSA-XJR7-3C3G-M763 Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file
Summary: The user-provided string depName in the gleam manager is appended to the gleam deps update command without proper sanitization. Details: Adversaries can provide a maliciously crafted gleam.toml in conjunction with a tweaked Renovate configuration file to trick Renovate to execute arbitrar...
EUVD-2026-2042
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21299 Substance3D - Modeler | Out-of-bounds Write (CWE-787)
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-21298 Substance3D - Modeler | Out-of-bounds Write (CWE-787)
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-37186
CVE-2025-37186 is a local privilege-escalation vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client. The Red Hat, NVD, CVE List and other feeds describe an ability for a local attacker to achieve arbitrary code execution with root privileges, via a local attack vector (n...