Export limit exceeded: 361629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22437 | 2026-04-15 | 7.3 High | ||
| A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system. | ||||
| CVE-2020-36975 | 1 Epson | 1 Status Monitor 3 | 2026-04-15 | 7.8 High |
| EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges. | ||||
| CVE-2025-62225 | 2 Microsoft, Sony | 2 Windows, Optical Disc Archive Software | 2026-04-15 | N/A |
| Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2021-47866 | 1 Honeywell | 1 Win-pak | 2026-04-15 | 7.8 High |
| WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup. | ||||
| CVE-2020-36983 | 2 Pablo Software Solutions, Pablosoftwaresolutions | 2 Quick N Easy Ftp Server, Quick \'n Easy Web Server | 2026-04-15 | 7.8 High |
| Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart. | ||||
| CVE-2020-36982 | 1 Motorola-device-manager | 1 Motorola Device Manager | 2026-04-15 | 7.8 High |
| Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup. | ||||
| CVE-2025-23266 | 1 Nvidia | 1 Container Toolkit | 2026-04-15 | 9 Critical |
| NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. | ||||
| CVE-2020-37063 | 1 Weird Solutions | 1 Tftp Turbo | 2026-04-15 | 7.8 High |
| TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions. | ||||
| CVE-2025-30033 | 2026-04-15 | 7.8 High | ||
| The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. | ||||
| CVE-2025-7676 | 1 Microsoft | 1 Windows 11 | 2026-04-15 | N/A |
| DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs. | ||||
| CVE-2024-34016 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | ||||
| CVE-2020-36981 | 1 Motorola-device-manager | 1 Motorola Device Manager | 2026-04-15 | 7.8 High |
| Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup. | ||||
| CVE-2025-31645 | 1 Intel | 1 System Event Log Viewer Utility | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some System Event Log Viewer Utility software for all versions within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2020-36980 | 1 Segurazo | 1 Santivirus Ic | 2026-04-15 | 7.8 High |
| SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions. | ||||
| CVE-2020-36934 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.8 High |
| Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2025-62820 | 1 Slack | 1 Nebula | 2026-04-15 | 4.9 Medium |
| Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network. | ||||
| CVE-2023-32266 | 1 Opentext | 1 Alm Quality Center | 2026-04-15 | N/A |
| Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. | ||||
| CVE-2025-30248 | 1 Westerndigital | 1 Wd Discovery | 2026-04-15 | N/A |
| DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path. | ||||
| CVE-2022-50938 | 1 Contpaqi | 1 Adminpaq | 2026-04-15 | 8.4 High |
| CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system privileges during service startup. | ||||
| CVE-2020-36977 | 1 Wondershare | 1 Driver Install Service Help | 2026-04-15 | 7.8 High |
| Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account. | ||||