6681 matches found
CVE-2021-47790 Active WebCam 11.5 - Unquoted Service Path
Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative...
CVE-2020-36930
The CVE-2020-36930 vulnerability affects SysGauge Server 7.9.18, caused by an unquoted service path in the binary path configuration (C:\Program Files\SysGauge Server\bin\sysgaus.exe). Local attackers could exploit this to inject malicious executables and escalate privileges. Exploitation details...
CVE-2020-36929
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPAAgent services to inject malicious executables an...
CVE-2020-36927 DiskPulse 13.6.14 - Unquoted Service Path
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject...
CVE-2026-23512
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...
CVE-2021-47761
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...
CVE-2021-47781
Cmder Console Emulator 1.3.18 is affected by a buffer overflow vulnerability in the handling of .cmd files that can trigger a denial of service. The issue, described in multiple sources, arises from specially crafted .cmd content that overflows the console’s buffer and crashes Cmder. The public d...
CVE-2021-47762
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated...
CVE-2021-47761
CVE-2021-47761 affects MilleGPG5 5.7.2. The issue is a local privilege escalation where an authenticated user can modify a MariaDB bin directory service executable (mysqld.exe) to a malicious binary, which will run with system privileges on restart. Documented metrics show high severity (CVSS 3.1...
CVE-2021-47761 MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...
EUVD-2026-2779
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...
CVE-2021-47761
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...
PT-2026-3180
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:PROGRAM FILES X86WIBUKEYSERVERWkSvW32.exe' to inject malicious executables and escalate...
PT-2026-3174
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002996)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002996 advisory. The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to mor...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003224)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003224 advisory. Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14,...
CVE-2022-50914
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...
Malicious code in haqawi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...
MAL-2026-255 Malicious code in haqawi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c55dd7769c6bf39fd838af80c68669f79339abce1333cd421d9477144d7fde4 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...
Malicious code in legendevil1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3188a850ecb974606264f28634afaca67ec2f49c1c759cf590aa39ba19e50452 Package is designed to download and execute a remote script, which then downloads and runs a malicious executable --- Category: MALICIOUS - The campaign has...