CVE-2026-0521

A reflected cross-site scripting XSS vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through...

EUVD-2025-206683

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine...

GHSA-7G56-FWXJ-CM23 FUXA contains an Unrestricted File Upload vulnerability

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

FUXA 安全漏洞

FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the lack of an authentication mechanism for the/api/upload API endpoints. This allows unauthorized remote attackers to upload arbitrar...

EUVD-2025-206705

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

PT-2026-5847

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...

CVE-2020-37062

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts...

CVE-2020-37055

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access...

CVE-2020-37045

CVE-2020-37045 affects Veritas NetBackup 7.0. The vulnerability is an unquoted service path in the NetBackup INET Daemon (bpinetd.exe under C:\Program Files\Veritas\NetBackup\bin). This unquoted path can be exploited by local users to execute arbitrary code with elevated LocalSystem privileges. E...

Popcorn Time code-related vulnerabilities

Popcorn Time is an open-source, multi-platform free software BitTorrent client developed by Popcorn Time. Version 6.2.1.14 of Popcorn Time contains a code vulnerability caused by an unquoted service path. This vulnerability could allow local non-privileged users to execute code and gain system...

CVE-2020-37016 BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

PT-2026-4202

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVE-2021-47887

CVE-2021-47887 affects OKI Print Job Accounting 4.4.10, where the OkiJaSvc service has an unquoted service path at C:\Program Files\Okidata\Print Job Accounting\ allowing local attackers to potentially inject executable code and escalate privileges. The vulnerability is described as a local, low-...

PT-2026-3833

FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during...

CVE-2025-14233

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...

CVE-2021-47805

Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated...

CVE-2021-47780

Macro Expert 4.7 is affected by an unquoted service path vulnerability, enabling local users to potentially execute arbitrary code with LocalSystem privileges during service startup. Root cause: improperly configured service path. Impact is high (local exploit). Remediation: ensure the service pa...

PT-2026-3164

Name of the Vulnerable Software and Affected Versions Remote Mouse version 4.002 Description The software contains an unquoted service path, allowing local attackers to execute arbitrary code with elevated system privileges. Specifically, the unquoted service path in the RemoteMouseService can be...

CVE-2022-50907

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL parameter, enabling remote code execution...