CVE-2020-37016 BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

CVE-2020-37016

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

CVE-2020-36990 Input Director 1.4.3 - 'Input Director' Unquoted Service Path

Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with...

CVE-2020-36987 Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...

EUVD-2020-30895

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...

CVE-2021-47832

CVE-2021-47832 entry is rejected/not used (duplicate) by the CVE Numbering Authority.

CVE-2021-47832

...

EUVD-2005-4170

Malware in sbrugna...

EUVD-2022-41546

Malicious code in bioql PyPI...

EUVD-2022-27291

Malicious code in bioql PyPI...

EUVD-2024-32481

Malicious code in bioql PyPI...

CVE-2025-5199 LPE on Multipass for macOS

In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup...

CVE-2024-24122

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...

CVE-2022-39000

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup...

CVE-2024-24122

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...

CVE-2024-24122

CVE-2024-24122 describes a remote code execution in Wanxing Technology’s Yitu project management. A crafted exp.adpx file is treated as a zip archive with a special filename, enabling decompression of the project file into the system startup folder, followed by a system restart and automatic exec...

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...

CVE-2024-3913

CVE-2024-3913 affects Phoenix Contact CHARX SEC-3100. An unauthenticated remote attacker can change device configuration via a file that is writable for a short window after system startup. Public details identify the product and the timing window; no fix/version is provided in the connected sour...

CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...