Lucene search
K

127 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.10 views

Golang 1.26.x < 1.26.1 Multiple Vulnerabilities

The version of Golang running on the remote host is prior to 1.26.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - When verifying a certificate chain which contains a certificate containing multiple email address constraints composed of the full email...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/04 11:5 p.m.4 views

CVE-2025-22873

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

3.8CVSS5.2AI score0.00238EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/01/30 5:16 p.m.6 views

CVE-2020-37059

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/30 4:16 p.m.4 views

EUVD-2020-30955

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.9 views

PT-2026-5420

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS
Exploits0References4
NVD
NVD
added 2026/01/21 6:16 p.m.8 views

CVE-2021-47880

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during...

8.5CVSS0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/01/21 5:27 p.m.18 views

CVE-2021-47880

Realtek Wireless LAN Utility 700.1631 is affected by an unquoted service path vulnerability in the Realtek11nSU service, enabling local users to execute code with elevated privileges during startup or reboot. Root cause: unquoted service path. Impact: local privilege escalation with high confiden...

8.5CVSS5.7AI score0.00127EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.7 views

PT-2026-3832

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during...

8.5CVSS5.7AI score0.00127EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/01/16 12:0 a.m.184 views

📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...

9.3CVSS7.9AI score0.01457EPSS
Exploits2
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.31 views

CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...

8.5CVSS0.00133EPSS
Exploits1References5
CVE
CVE
added 2026/01/07 11:9 p.m.10 views

CVE-2019-25231

Summary of CVE-2019-25231 (Devolo dLAN Cockpit 4.3.1) : The unquoted service path vulnerability affects the DevoloNetworkService in devolo dLAN Cockpit 4.3.1, allowing local, non-privileged users to potentially execute arbitrary code by placing malicious code in the system root path. This could e...

8.5CVSS7AI score0.00133EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/30 10:41 p.m.3 views

CVE-2024-58315 Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorize...

8.5CVSS7.2AI score0.00197EPSS
Exploits2References4
NVD
NVD
added 2025/12/23 8:15 p.m.8 views

CVE-2021-47739

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

8.5CVSS0.00168EPSS
Exploits1References5
CVE
CVE
added 2025/12/22 9:35 p.m.12 views

CVE-2023-53965

CVE-2023-53965 concerns SOUND4 Server Service 4.1.102 with an unquoted service path. The unquoted binary path could be exploited by a local, non-privileged user to execute code with elevated (LocalSystem) privileges during service startup by placing a malicious binary in the system root. Document...

8.6CVSS6.7AI score0.00203EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.4 views

Entrust nShield Connect XC 安全漏洞

Entrust nShield Connect XC is a network-connected hardware security module from Entrust, Inc. A security vulnerability exists in the Entrust nShield Connect XC that originates from a user with OS root privileges being able to make unauthenticated modifications to the Chassis Management Board...

9.8CVSS6.8AI score0.00547EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/25 6:0 p.m.5 views

EUVD-2025-199615

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure...

3.3CVSS6AI score0.00118EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/25 5:59 p.m.6 views

EUVD-2025-199620

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure...

5.7CVSS6AI score0.00091EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.4 views

PT-2025-48048

Name of the Vulnerable Software and Affected Versions NVIDIA DGX Spark GB10 Description The NVIDIA DGX Spark GB10 contains a flaw in the SROOT component. An attacker with privileged access could potentially gain access to System on a Chip SoC protected areas. A successful exploit may lead to code...

9.3CVSS7.2AI score0.00152EPSS
Exploits0References22
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1168

Malware in sbrugna...

4.6CVSS6.4AI score0.01887EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-0240

Malware in sbrugna...

5CVSS8.3AI score0.00721EPSS
Exploits0References3
Rows per page
Query Builder