21813 matches found
CVE-2026-56301
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...
EUVD-2026-38436
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...
EUVD-2026-38272
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2016-20093
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path in the SecureLine service, enabling local non-privileged users to execute code with SYSTEM privileges. The vulnerability affects the service configuration’s binary path and can lead to high impact on confidentiality, integrity, and availabil...
EUVD-2025-210288
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2025-71326 AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that...
CVE-2016-20093 Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...
CVE-2016-20093
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...
CVE-2016-20092 NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...
CVE-2016-20092
NetDrive 2.6.12 is affected by an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that enables local privilege escalation. By placing a malicious executable in the system root, an attacker can have it launched during service startup or system reboot, gaining SYSTEM ...
CVE-2016-20089
The CVE-2016-20089 entry concerns Iperius Remote 1.7.0, where an unquoted service path vulnerability enables local users to execute arbitrary code with SYSTEM privileges by placing a malicious executable in the service path. The issue is triggered when the software is installed in directories tha...
EUVD-2016-10902
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...
CVE-2016-20087
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that enables local privilege escalation by exploiting the service binary path. An attacker can place a malicious executable in the system root, which will run with SYSTEM privileges during service startup or system reboot. Aff...
CVE-2016-20087 Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...
CVE-2016-20087
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...
Astra Linux – Vulnerability in Intel Microcode
Observable timing discrepancies in some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...
Astra Linux – Vulnerability in Linux 5.10
The nftablesnewset function in net/netfilter/nftablesapi.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nftsetelemexpralloc. A local user can...