PT-2026-50492

Name of the Vulnerable Software and Affected Versions Pi versions prior to 0.79.0 Description Pi loaded project-local configuration and resources from a repository's .pi directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user ...

CVE-2019-25304

CVE-2019-25304 affects SecurOS Enterprise 10.2, specifically the SecurosCtrlService which uses an unquoted service path at C:\Program Files (x86)\ISS\SecurOS\ during startup. This can allow local users to insert malicious code and execute with system-level privileges. Exploitation details and pub...

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

CVE-2020-37021

10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup...

CVE-2021-47867

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files \WINPAKPRO\ScheduleService Service.exe' to inject malicious code...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992834 advisory. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in isftracetrampoline when ftrace is dead ftracestartup does...

CVE-2023-53965 SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute...

CVE-2021-46165

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined...

CVE-2018-2406

CVE-2018-2406 affects SAP Crystal Reports Server OEM Edition (CRSE) startup path: unquoted Windows search path leads to local directory/path traversal. Versions 4.0, 4.10, 4.20, 4.30 are affected; local privilege elevation is indicated in connected CNVD entry. The vulnerability’s CVSS notes local...