CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-57836 An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL... | 7.8 | HIGH | — | 0 |
| CVE-2021-47868 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2021-47867 WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2021-47866 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the ... | 7.8 | HIGH | — | 0 |
| CVE-2021-47864 OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject an... | 7.8 | HIGH | — | 0 |
| CVE-2021-47862 Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted pa... | 7.8 | HIGH | — | 0 |
| CVE-2021-47861 Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2021-47859 ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted bi... | 7.8 | HIGH | — | 0 |
| CVE-2021-47863 MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the... | 7.8 | HIGH | — | 0 |
| CVE-2025-12793 An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially result... | 7.8 | HIGH | — | 0 |
| CVE-2025-14026 Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interfa... | 7.8 | HIGH | — | 0 |
| CVE-2025-47393 Memory corruption when accessing resources in kernel driver. | 7.8 | HIGH | — | 0 |
| CVE-2025-47339 Memory corruption while deinitializing a HDCP session. | 7.8 | HIGH | — | 0 |
| CVE-2025-47346 Memory corruption while processing a secure logging command in the trusted application. | 7.8 | HIGH | — | 0 |
| CVE-2025-47348 Memory corruption while processing identity credential operations in the trusted application. | 7.8 | HIGH | — | 0 |
| CVE-2025-47356 Memory Corruption when multiple threads concurrently access and modify shared resources. | 7.8 | HIGH | — | 0 |
| CVE-2025-47380 Memory corruption while preprocessing IOCTLs in sensors. | 7.8 | HIGH | — | 0 |
| CVE-2025-47388 Memory corruption while passing pages to DSP with an unaligned starting address. | 7.8 | HIGH | — | 0 |
| CVE-2025-47394 Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | 7.8 | HIGH | — | 0 |
| CVE-2025-47396 Memory corruption occurs when a secure application is launched on a device with insufficient memory. | 7.8 | HIGH | — | 0 |
| CVE-2025-33233 NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalat... | 7.8 | HIGH | — | 0 |
| CVE-2025-48647 In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no add... | 7.8 | HIGH | — | 0 |
| CVE-2021-47847 Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the... | 7.8 | HIGH | — | 0 |
| CVE-2021-47845 Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit... | 7.8 | HIGH | — | 0 |
| CVE-2021-47833 WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2021-47829 DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the u... | 7.8 | HIGH | — | 0 |
| CVE-2021-47828 BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem... | 7.8 | HIGH | — | 0 |
| CVE-2021-47826 Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2021-47825 Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\P... | 7.8 | HIGH | — | 0 |
| CVE-2021-47823 Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path i... | 7.8 | HIGH | — | 0 |
| CVE-2021-47822 DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
| CVE-2024-44238 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory. | 7.8 | HIGH | — | 0 |
| CVE-2025-68921 SteelSeries Nahimic 3 1.10.7 allows Directory traversal. | 7.8 | HIGH | — | 0 |
| CVE-2026-0975 Delta Electronics DIAView has Command Injection vulnerability. | 7.8 | HIGH | — | 0 |
| CVE-2026-0405 An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. | 7.8 | HIGH | — | 0 |
| CVE-2025-10865 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting... | 7.8 | HIGH | — | 0 |
| CVE-2021-47810 WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted pa... | 7.8 | HIGH | — | 0 |
| CVE-2021-47809 Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2021-47807 Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2021-47806 Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unqu... | 7.8 | HIGH | — | 0 |
| CVE-2021-47792 Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service pat... | 7.8 | HIGH | — | 0 |
| CVE-2021-47790 Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured servic... | 7.8 | HIGH | — | 0 |
| CVE-2021-47805 Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2021-47787 TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path seg... | 7.8 | HIGH | — | 0 |
| CVE-2021-47780 Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly con... | 7.8 | HIGH | — | 0 |
| CVE-2020-36930 SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2020-36929 Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2020-36928 Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x... | 7.8 | HIGH | — | 0 |
| CVE-2020-36927 DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can explo... | 7.8 | HIGH | — | 0 |
| CVE-2022-50921 WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted bina... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.