55 matches found
EUVD-2026-15192
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-33253
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-33253
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-33253
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
PT-2026-27639
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-26033
UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...
CVE-2026-26033
The advisory concerns CVE-2026-26033 affecting UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The vulnerability is CWE-428 Unquoted Search Path/Element, allowing a user with write access to a system drive directory to execute arbitrary code with SYSTEM privileges. Affected component i...
Dell UPS Multi-UPS Management Console 代码问题漏洞
Dell UPS Multi-UPS Management Console is an uninterruptible power supply management software developed by the American company Dell. Version 01.06.0001 of Dell UPS Multi-UPS Management Console contains a code vulnerability caused by search paths without quotes. This vulnerability may allow users...
Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.3 (SVD-2026-0208)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0208 advisory. - In Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, and 9.3.9, a lowprivileged Windows user that can creat...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
EUVD-2025-201913
Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
PT-2025-49825
Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2025-34329
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
CVE-2025-34329
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
CVE-2025-64151
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2025-62225
Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2025-64151
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...