Lucene search
K

12 matches found

NVD
NVD
added 2026/04/28 10:16 a.m.8 views

CVE-2026-7280

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts...

8.4CVSS0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29155

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances, a system cross-platform monitoring tool, allows for the execution of arbitrary system commands through dynamic configuration values. Specifically, substrings enclosed in backticks within...

7.8CVSS6.2AI score0.00866EPSS
Exploits4References10
CVE
CVE
added 2026/02/11 2:56 p.m.15 views

CVE-2019-25307

CVE-2019-25307 : WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration, allowing local attackers to potentially execute arbitrary code. The issue arises from an unquoted binary path, enabling an attacker to inject a malicious executable that can ...

8.5CVSS5.9AI score0.0015EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/04 11:15 p.m.30 views

CVE-2019-25281 NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

8.5CVSS0.00161EPSS
Exploits0References3
NVD
NVD
added 2026/02/01 3:16 p.m.5 views

CVE-2020-37037

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account...

8.5CVSS0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.9 views

PT-2026-2406

Name of the Vulnerable Software and Affected Versions Emerson PAC Machine Edition version 9.80 Description Emerson PAC Machine Edition 9.80 has an issue with an unquoted service path in the TrapiServer service. This could allow local users to potentially run code with higher privileges. An attack...

8.5CVSS6.5AI score0.00133EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.26 views

CVE-2024-58315 Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorize...

8.5CVSS0.00197EPSS
Exploits2References4
NVD
NVD
added 2025/12/04 9:16 p.m.2 views

CVE-2025-66575

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

9.3CVSS0.00384EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/04 8:46 p.m.20 views

CVE-2025-66575 VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution

VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSyst...

9.3CVSS0.00384EPSS
Exploits1References4
OSV
OSV
added 2024/11/14 10:15 a.m.2 views

DEBIAN-CVE-2024-50306

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue...

9.1CVSS8.7AI score0.0158EPSS
Exploits0References1
OSV
OSV
added 2018/07/19 2:29 p.m.4 views

CVE-2018-5540

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up...

4.4CVSS5.8AI score0.00411EPSS
Exploits0References4
CNVD
CNVD
added 2016/05/15 12:0 a.m.3 views

Docker Privilege Acquisition Vulnerability

Docker is an open source application container engine. Docker starts containers based on a specified UID instead of a username, allowing a local attacker to exploit this vulnerability to gain root privileges to the corresponding container with container startup privileges...

7.8CVSS7.2AI score0.00388EPSS
Exploits0References1
Rows per page
Query Builder