CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added yesterday•6 views

EUVD-2026-38230

8.8CVSS6.3AI score

CVE•added 4 days ago•11 views

CVE-2026-49260

CVE-2026-49260 affects PhpWeasyPrint prior to 2.5.1. The vulnerability arises from building the WeasyPrint command by passing the binary path through escapeshellarg() and then validating the quoted result with is_executable(); on POSIX systems this makes the bin path string contain quotes, causin...

8.2CVSS5.9AI score

NVD•added 4 days ago•8 views

CVE-2020-37251

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service...

NVD•added 4 days ago•7 views

CVE-2016-20092

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

NVD•added 4 days ago•6 views

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

OSSF Malicious Packages•added 4 days ago•5 views

Malicious code in @chunklab/hexparse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56ad779454aa221e4a3d5a13725428059b40edd7cd8a4329ef382348bc493013 Package advertises itself as a small hex/base64/endianness codec library, but every exported encode/decode function encodeHex, decodeHex,...

6AI score

Exploits0References5

EUVD•added 4 days ago•8 views

EUVD-2021-34851

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

8.5CVSS5.8AI score

Cvelist•added 4 days ago•29 views

CVE-2021-47985 Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation

Cvelist•added 4 days ago•27 views

CVE-2020-37251 RealTimes Desktop Service 18.1.4 Unquoted Service Path Privilege Escalation

CVE•added 4 days ago•8 views

CVE-2020-37251

CVE-2020-37251 concerns RealTimes Desktop Service 18.1.4, where an unquoted service path in rpdsvc.exe allows local privilege escalation to LocalSystem during service startup or reboot. The vulnerability origin is a mislocated executable path, enabling a malicious file placed in unquoted path dir...

8.5CVSS6.2AI score

Cvelist•added 4 days ago•25 views

CVE-2016-20094 AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

CVE•added 4 days ago•11 views

CVE-2016-20091

CVE-2016-20091 affects Windows Firewall Control 4.8.6.0. The issue is an unquoted service path for the wfcs.exe service, enabling local attackers to escalate privileges by placing malicious executables in unquoted directories that are executed with LocalSystem privileges on service restart or sys...

8.5CVSS5.9AI score

EUVD•added 4 days ago•6 views

EUVD-2016-10904

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with...

8.5CVSS5.9AI score

Cvelist•added 4 days ago•27 views

CVE-2016-20089 Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

AstraLinux•added 4 days ago•4 views

Astra Linux – Vulnerability in binutils

The bfdgenericreadminisymbols function in syms.c within the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.31, contains a memory leak that can occur due to an improperly crafted ELF file. This leads to a denial of service condition due to excessive memory...

5.5CVSS6.4AI score0.01819EPSS

Exploits1References2

Positive Technologies•added 4 days ago•10 views

PT-2026-50923

Name of the Vulnerable Software and Affected Versions AVAST Antivirus version 25.11 Description The SecureLine service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local non-privileged users to...

8.5CVSS6AI score

Exploits0References6

NVD•added 2026/06/16 5:16 p.m.•8 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS

Cvelist•added 2026/06/16 3:16 p.m.•21 views

CVE-2024-22451

6.7CVSS0.00099EPSS

CVE•added 2026/06/16 3:16 p.m.•9 views

CVE-2024-22451

Dell Peripheral Manager (versions 1.5.1–1.7.2) contains an uncontrolled search path element vulnerability that could allow arbitrary code execution via preloading a malicious executable. Affected component is the Dell Peripheral Manager executable path; root cause is an uncontrolled search path e...

6.7CVSS5.8AI score0.00099EPSS