365048 matches found
CVE-2017-20265
CVE-2017-20265 affects the Joomla! extension Flip Wall (version 8.0). The vulnerability is an SQL injection in the wallid parameter, exploitable via GET requests to index.php with option=com_flipwall&task=click&wallid, allowing unauthenticated attackers to execute arbitrary SQL and potentially ex...
CVE-2026-12620
The CVE affects GridTime 3000 GNSS Time Server versions 1.0r0.03 through 1.1r0.0, where an access token is leaked in the URL parameters of certain endpoints. The issue is documented by NVD/CVE entries for CVE-2026-12620, with an attack surface described as NETWORK, requiring HIGH privileges and A...
CVE-2017-20264
Summary: CVE-2017-20264 affects Joomla! Component Sponsor Wall 8.0. An SQL injection vulnerability exists in the wallid parameter via GET requests to index.php with option=com_sponsorwall&task=click&wallid, allowing unauthenticated attackers to execute arbitrary SQL and potentially exfiltrate cre...
CVE-2017-20263
CVE-2017-20263 affects Joomla! FocalPoint Pro/Free 1.2.3. An SQL injection vulnerability exists in the location view when processing the id parameter, allowing unauthenticated attackers to inject SQL via HTTP GET to index.php with option=com_focalpoint, view=location, and crafted id values to exf...
CVE-2026-12621
GridTime 3000 GNSS Time Server Password Reset form is vulnerable to XSS due to improper neutralization of input during web page generation. Affected from 1.0r0.03 up to, but not including, 1.2r0.0. Base CVSS v4 score is 5.3 (Medium). No exploitation details are provided in the documents; no remed...
CVE-2017-20262
CVE-2017-20262 affects the Joomla! extension Ajax Quiz (version 1.8). The vulnerability is an SQL injection in the cid parameter, exploitable via GET requests to index.php with option=com_ajaxquiz and view=ajaxquiz. An unauthenticated attacker can execute arbitrary SQL and retrieve sensitive data...
CVE-2026-12622
The GridTime 3000 GNSS Time Server presents an open redirect vulnerability in its password change form submission affecting versions 1.0r0.03 through 1.1r0.0. The issue is described as an open redirect in the password change flow; no further exploitation details, impact scope, or remediation are ...
CVE-2017-20261
CVE-2017-20261 affects Joomla! Component Bargain Product VM3 1.0. It is an SQL injection vulnerability in the product_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by injecting code via GET requests to the brainy and alice views, enabling extraction of sensit...
CVE-2017-20260
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...
CVE-2017-20259
CVE-2017-20259 affects Joomla OSDownloads 1.7.4. The vulnerability is an SQL injection in the item view (GET parameter id) that allows unauthenticated attackers to run arbitrary SQL via index.php?option=com_osdownloads&view=item&id=[SQL], enabling extraction of credentials and configuration data....
CVE-2026-12619
The CVE-2026-12619 entry concerns Microchip GridTime 3000 GNSS Time Server, where an improper neutralization during web page generation enables Cross-Site Scripting (XSS). A CSRF-to-XSS chain affects GridTime 3000 versions 1.0r0.03–1.1r0.0. Exploit maturity is listed as ATTACKED, indicating in-th...
CVE-2017-20258
CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1. The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...
CVE-2017-20257
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands via the ajaxaction.flag_question task. Exploitation can occur by injecting malicious SQL through the stu_quiz_id or flag_quest parameters to manipula...
CVE-2017-20256
Joomla Survey Force Deluxe 3.2.4 is affected by an SQL injection via the invite parameter, allowing unauthenticated attackers to run arbitrary SQL through crafted GET requests and potentially read sensitive database information. Impact is high (unauthenticated, network access, data confidentialit...
CVE-2017-20255
This CVE affects the Joomla! extension JB Visa 1.0. The vulnerability is an SQL injection in the visatype parameter that can be exploited via GET requests to index.php with option=com_bookpro and view=popup, allowing unauthenticated attackers to extract sensitive data (credentials and table conte...
CVE-2017-20254
The CVE-2017-20254 entry concerns the Joomla! Component User Bench 1.0, which is vulnerable to SQL injection via the userid parameter in index.php?option=com_userbench&view=detail&userid. The underlying flaw allows unauthenticated attackers to execute arbitrary SQL and exfiltrate sensitive data ...
CVE-2017-20253
Joomla! Component My Projects 2.0 is affected by an SQL injection vulnerability that allows unauthenticated attackers to craft requests to the VerAyari parameter and execute arbitrary SQL queries. The flaw can enable extraction of sensitive database information, including credentials and system d...
CVE-2017-20252
This CVE affects Joomla NextGen Editor 2.1.0. The vulnerability is an SQL injection in the plname parameter, exploitable via GET requests to index.php with option=com_nge&view=config, enabling an unauthenticated attacker to inject SQL and potentially access sensitive database information. Reporte...
CVE-2026-49358
Summary of CVE-2026-49358 (PhpWeasyPrint): Prior to version 2.6.0, the public array AbstractGenerator::$temporaryFiles could be appended with arbitrary paths. When removeTemporaryFiles() runs (from __destruct or a shutdown function), it calls unlink() on every entry without verifying that the pa...
CVE-2026-21768
CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...
CVE-2026-55832
Technical details for CVE-2026-55832 are not publicly available in the provided documents. Monitor for updates; no products, impact, or remediation are specified.
CVE-2026-52910
The CVE concerns the Linux kernel: a reuseport cBPF program could be freed without waiting for an RCU grace period, via sk_reuseport_prog_free() when detaching from the setsockopt path. The underlying issue is that bpf_release_orig_filter() and bpf_prog_free() destruct the cBPF program too early,...
CVE-2026-52909
The CVE-2026-5299x family concerns the Linux kernel IPv6 virtual tunnel interfaces. The issue: in vti6_init_net(), the per-netns fallback tunnel device (ip6_vti0) does not set the netns_immutable flag, allowing the device to be moved between network namespaces. This flag is correctly set by other...
CVE-2026-55773
Technical details for CVE-2026-55773 are not publicly available in the provided documents. No affected products, impacts, or remediation are disclosed. Monitor for updates.
CVE-2026-55772
Technical details for CVE-2026-55772 are not publicly available in the provided documents. No affected products, impact, or remediation are disclosed. Monitor for updates.
CVE-2026-55689
Technical details for CVE-2026-55689 are not publicly available in the provided documents. Monitor for updates when more information is released.
CVE-2026-55414
Technical details for CVE-2026-55414 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-71326
AVAST Antivirus 25.11 contains an unquoted service path in the SecureLine service, enabling local non-privileged users to execute code with SYSTEM privileges. The vulnerability affects the service configuration’s binary path and can lead to high impact on confidentiality, integrity, and availabil...
CVE-2023-54353
Chromacam 4.0.3.0 is affected by an unquoted service path vulnerability in the PsyFrameGrabberService. An attacker with write access to C:\ or subdirectories such as C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe in an unquoted path. When the ser...
CVE-2022-50971
Malwarebytes 4.5 is affected by an unquoted service path privilege escalation in the MBAMService executable. The vulnerability allows local attackers to escalate privileges by placing executables in unquoted system root path directories that are executed with LocalSystem privileges during service...
CVE-2021-47985
Summary: CVE-2021-47985 affects Brother SAPSprint 7.60 and is an unquoted service path vulnerability in the SAPSprint service binary, enabling local privilege escalation. An attacker can drop a malicious executable in the Program Files path to run with LocalSystem privileges when the service star...
CVE-2020-37254
Wondershare PDFelement 5.2.9 is affected by a privilege escalation due to an unquoted service path in the WsAppService Windows service. Local attackers could place a malicious executable in the service path and gain code execution with LocalSystem privileges when the service restarts or the syste...
CVE-2020-37253
The CVE pertains to Winstep 18.06.0096, where the Winstep Xtreme Service has an unquoted service path vulnerability. This allows a local attacker to escalate privileges by placing a malicious executable in Program Files that is executed with LocalSystem privileges when the service starts. Affecte...
CVE-2020-37252
CVE-2020-37252 describes an unquoted service path vulnerability in Realtek Audio Service 1.0.0.55, specifically in RtkAudioService64.exe. The root cause is the unquoted service path, enabling local attackers to escalate privileges by placing a malicious executable in the unquoted directory, which...
CVE-2020-37251
CVE-2020-37251 concerns RealTimes Desktop Service 18.1.4, where an unquoted service path in rpdsvc.exe allows local privilege escalation to LocalSystem during service startup or reboot. The vulnerability origin is a mislocated executable path, enabling a malicious file placed in unquoted path dir...
CVE-2020-37250
CVE-2020-37250 affects TFTP Broadband 4.3.0.1465 where the unquoted service path in the tftpt.exe service binary enables local privilege escalation to LocalSystem by placing a malicious executable in the Program Files path that is executed at service startup or system reboot. The vulnerability is...
CVE-2019-25747
Network Inventory Advisor 5.0.26.0 is affected by an unquoted binary path in the niaservice service, enabling local privilege escalation. An attacker could place a malicious executable in an intermediate directory and trigger code execution with LocalSystem privileges when the service starts or r...
CVE-2016-20094
CVE-2016-20094 – AnyDesk 2.5.0: An unquoted service path vulnerability in the AnyDesk service allows local attackers to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can place malicious executables in the system root path, which may be launched w...
CVE-2016-20095
The CVE-2016-20095 entry affects Matrix42 Remote Control Host 3.20.0031, due to an unquoted service path in the FastViewerRemoteService and FastViewerRemoteProxy. This allows local attackers to escalate privileges to SYSTEM by placing a crafted-named executable in the Program Files directory that...
CVE-2016-20093
CVE-2016-20093 affects Wise Care 365 v4.27 and Wise Disk Cleaner v9.29, with unquoted service paths in the WiseBootAssistant and SpyHunter 4 Service. The underlying issue is an unquoted service path, enabling local attackers to execute arbitrary code with SYSTEM privileges by placing a malicious ...
CVE-2016-20091
CVE-2016-20091 affects Windows Firewall Control 4.8.6.0. The issue is an unquoted service path for the wfcs.exe service, enabling local attackers to escalate privileges by placing malicious executables in unquoted directories that are executed with LocalSystem privileges on service restart or sys...
CVE-2016-20092
NetDrive 2.6.12 is affected by an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that enables local privilege escalation. By placing a malicious executable in the system root, an attacker can have it launched during service startup or system reboot, gaining SYSTEM ...
CVE-2016-20090
CVE-2016-20090 affects Comodo Dragon Browser up to version 52.15.25.663. The issue is a privilege escalation in the DragonUpdater service caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can drop a malicious executable in the service path and trigger code exec...
CVE-2016-20088
The CVE refers to Comodo Chromodo Browser version 52.15.25.664 with an unquoted service path in the ChromodoUpdater service, which runs with SYSTEM privileges. This allows a local attacker to place a malicious executable in the service path and achieve arbitrary code execution with elevated privi...
CVE-2016-20089
The CVE-2016-20089 entry concerns Iperius Remote 1.7.0, where an unquoted service path vulnerability enables local users to execute arbitrary code with SYSTEM privileges by placing a malicious executable in the service path. The issue is triggered when the software is installed in directories tha...
CVE-2016-20087
Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that enables local privilege escalation by exploiting the service binary path. An attacker can place a malicious executable in the system root, which will run with SYSTEM privileges during service startup or system reboot. Aff...
CVE-2026-55375
Technical details for CVE-2026-55375 are not publicly available in the provided documents. Monitor for updates as information may be released by the reserving party.
CVE-2016-20085
The CVE-2016-20085 entry affects Realtek High Definition Audio Driver version 6.0.1.6730 and describes an unquoted service path privilege-escalation vulnerability. An attacker could place a malicious executable in the unquoted service path and restart the Realtek service to execute code with Loca...
CVE-2016-20086
Vembu StoreGrid 4.0 is affected by an unquoted service path privilege-escalation vulnerability in the RemoteBackup and RemoteBackup_webServer services. An attacker can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges. This CVE (...
CVE-2026-55374
Technical details for CVE-2026-55374 are not publicly available in the provided documents; monitor for updates.