Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-47879 1 Luidia 1 Ebeam Interactive Suite 2026-04-15 7.8 High
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
CVE-2021-47874 1 Vfsforgit 1 Vfs For Git 2026-04-15 7.8 High
VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.
CVE-2021-47867 1 Honeywell 1 Win-pak 2026-04-15 7.8 High
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.
CVE-2023-53947 1 Ocsinventory-ng 2 Ocs Inventory Ng, Ocsinventory Ng 2026-04-15 8.4 High
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.
CVE-2022-50930 1 Emerson 1 Pac Machine Edition 2026-04-15 8.4 High
Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
CVE-2022-50929 1 Connectify 1 Connectify Hotspot 2026-04-15 8.4 High
Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject malicious executables and escalate privileges.
CVE-2022-50924 1 Privateinternetaccess 2 Private Internet Access, Private Internet Access Vpn Client 2026-04-15 8.4 High
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
CVE-2022-50920 2 Sandboxie, Sandboxie-plus 2 Sandboxie, Sandboxie 2026-04-15 8.4 High
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2025-58079 1 Neojapan 1 Desknet Neo 2026-04-15 N/A
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.
CVE-2025-9818 2 Microsoft, Omron 2 Windows, Poweract Pro Master Agent 2026-04-15 6.7 Medium
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces.
CVE-2024-58288 2 Genexus, Microsoft 2 Protection Server, Windows 2026-04-15 N/A
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.
CVE-2025-54519 1 Amd 1 Vivado™ Documentation Navigator Installation (windows) 2026-04-15 7.3 High
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-71178 1 Micron 1 Crucial Storage Executive 2026-04-15 N/A
Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges.
CVE-2025-48207 2026-04-15 8.6 High
The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-12046 1 Lenovo 2 App Store, Browser 2026-04-15 7.8 High
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.
CVE-2025-30407 2026-04-15 N/A
Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713.
CVE-2024-48123 2026-04-15 8.4 High
An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.
CVE-2025-31480 2026-04-15 9.1 Critical
aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database aiven_extras has been installed in.
CVE-2025-40763 1 Siemens 1 Altair Grid Engine 2026-04-15 7.8 High
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path.
CVE-2024-34167 1 Intel 1 Server Board S2600st Firmware 2026-04-15 6.7 Medium
Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access.