PT-2026-41247

An out of bounds write within the AMD Platform Management Framework PMF could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability...

CVE-2026-4134

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges...

Siemens SINEC NMS

SUMMARY Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected...

EUVD-2019-19408

JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions...

CVE-2020-37055

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access...

Epson printer code issue vulnerabilities

The Epson printer is a product of the Japanese company Epson. The Epson Printer 1.124 version has a code vulnerability. This vulnerability stems from an issue with the SENADB service, where a service path is not enclosed in quotes, which may allow code to be executed with elevated system privileg...

CVE-2020-36933

HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges...

CVE-2020-36928

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBAAgentClient service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions...

CVE-2020-36928 Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path

Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBAAgentClient service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions...

PT-2026-3149

Name of the Vulnerable Software and Affected Versions Brother BRAgent version 1.38 Description The software contains an unquoted service path vulnerability within the WBA Agent Client service, which operates with LocalSystem privileges. An attacker can exploit the unquoted path located at C:Progr...

CVE-2022-50935

Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files x86\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges...

CVE-2022-50935 FLAME II MODEM USB - Unquoted Service Path

Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files x86\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges...

CVE-2022-50935

CVE-2022-50935 affects Flame II HSPA USB Modem. The Windows service configuration contains an unquoted service path at C:\Program Files (x86)\Internet Telcel\ApplicationController.exe, enabling local attackers to execute arbitrary code with elevated privileges. CVSS metrics in the entry indicate ...

CVE-2024-58315

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorize...

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

CVE-2025-45095

Lavasoft Web Companion also known as Ad-Aware WebCompanion versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by...

CVE-2025-45095

Lavasoft Web Companion also known as Ad-Aware WebCompanion versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by...

PT-2025-41386

Name of the Vulnerable Software and Affected Versions Lavasoft Web Companion versions 8.9.0.1091 through 12.1.3.1037 Description Lavasoft Web Companion also known as Ad-Aware WebCompanion installs the DCIService.exe service with an unquoted service path. An attacker with write access to the file...

EUVD-2016-8342

Malware in sbrugna...