Lucene search
K

334 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-57895

Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege...

8.5CVSS0.0011EPSS
Exploits0References2
CVE
CVE
added 6 days ago15 views

CVE-2026-57895

Pupsman before 3.9.0 has an incorrect default-permissions issue that allows an attacker to drop a malicious executable into the installation folder, enabling arbitrary code execution with SYSTEM privileges. Affected software: Pupsman, versions prior to 3.9.0. Root cause: default permissions misco...

8.5CVSS7.6AI score0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 3:16 p.m.14 views

CVE-2016-20092

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2ServiceNetdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or...

8.5CVSS0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.12 views

CVE-2016-20087

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during...

8.5CVSS0.0012EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.31 views

CVE-2021-47985 Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

8.5CVSS0.00115EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.29 views

CVE-2016-20094 AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...

8.5CVSS0.00181EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/19 2:16 p.m.31 views

CVE-2016-20089 Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

8.5CVSS0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50913

Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...

8.5CVSS6.1AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50923

Name of the Vulnerable Software and Affected Versions AVAST Antivirus version 25.11 Description The SecureLine service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local non-privileged users to...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References8
NVD
NVD
added 2026/06/16 5:16 p.m.11 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 3:16 p.m.29 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 3:16 p.m.20 views

CVE-2024-22451

Dell Peripheral Manager (versions 1.5.1–1.7.2) contains an uncontrolled search path element vulnerability that could allow arbitrary code execution via preloading a malicious executable. Affected component is the Dell Peripheral Manager executable path; root cause is an uncontrolled search path e...

6.7CVSS5.8AI score0.00099EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 8:47 a.m.11 views

Malicious code in aaaazzzzaz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...

5.5AI score
Exploits0References5
NVD
NVD
added 2026/05/25 3:16 p.m.19 views

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.24 views

CVE-2018-25359

CVE-2018-25359 affects Splinterware System Scheduler Pro 5.12. The issue is insecure file permissions enabling low-privilege users to replace the service executable (WService.exe) in the installation directory, causing a malicious binary to run with LocalSystem privileges when the service starts....

8.6CVSS5.8AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/16 3:26 p.m.11 views

EUVD-2020-31248

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

8.5CVSS5.8AI score0.00115EPSS
Exploits0References3
CVE
CVE
added 2026/05/16 3:26 p.m.17 views

CVE-2020-37247

Kite 4.2.0.1 U1 is affected by an unquoted service path vulnerability in the KiteService Windows service. The underlying issue allows local attackers to escalate privileges to LocalSystem by placing a malicious executable in the Program Files directory, which is executed when the service starts. ...

8.5CVSS5.8AI score0.00115EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/16 3:25 p.m.10 views

EUVD-2020-31230

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that...

8.5CVSS5.8AI score0.00114EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.15 views

Flexense VX Search 代码问题漏洞

Flexense VX Search is a rule-based automatic file search solution provided by Flexense Corporation. It allows users to search for files based on file type, category, file name, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates,...

8.5CVSS6.2AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.12 views

PT-2026-41447

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

8.5CVSS5.8AI score0.00115EPSS
Exploits0References4
Rows per page
Query Builder