CVE-2025-10314

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files EXE or DLLs in the installation directory with specially...

EUVD-2025-206872

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files EXE or DLLs in the installation directory with specially...

CVE-2020-37101 VPN unlimited 6.1 - Unquoted Service Path

VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files x86\VPN Unlimited' to replace the service executable and gain elevated system...

CVE-2021-47852

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...

EUVD-2026-3623

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...

PT-2026-3805

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated syste...

CVE-2022-50690

CVE-2022-50690 affects Wondershare MirrorGo 2.0.11.346. The root cause is insecure file permissions on the executable ElevationService.exe, enabling unprivileged local users to replace it with a malicious file and achieve arbitrary code execution with LocalSystem privileges. Impact is local privi...

EUVD-2025-25896

Malicious code in bioql PyPI...

CVE-2025-57846

Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges...

CVE-2025-57846

CVE-2025-57846 affects Digital Arts i-フィルター products. Root cause: incorrect default permissions (CWE-276) leading to potential arbitrary code execution. Impact: local authenticated attacker can replace a service executable on the host with SYSTEM privileges. Affected products/versions include: i-...

CVE-2025-57846

Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges...

CVE-2025-57846

Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges...

JVN#55678602: Improper file access permission settings in multiple i-フィルター products

Multiple i-フィルター products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2025-57846 Impact A...

PT-2025-34837 · I-フィルター · I-フィルター

Name of the Vulnerable Software and Affected Versions: i-フィルター products affected versions not specified Description: Multiple i-フィルター products are affected by incorrect default permissions. A local authenticated attacker may replace a service executable on the system where the product is running,...

NextVPN v4.10 - Insecure File Permissions Vulnerability

Exploit Title: NextVPN v4.10 - Insecure File Permissions Exploit Author: SajjadBnd Contact: email protected Vendor Homepage: https://vm3max.site Software Link:http://dl.spacevm.com/NextVPNSetup-v4.10.exe Version: 4.10 Tested on: Win10 Professional x64 Description The NextVPN Application was...

SpiderControl SCADA Web Server Elevation of Privilege Vulnerability

SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...