CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-48647 In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no add... | 7.8 | HIGH | — | 0 |
| CVE-2021-47847 Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the... | 7.8 | HIGH | — | 0 |
| CVE-2021-47845 Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit... | 7.8 | HIGH | — | 0 |
| CVE-2021-47833 WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2021-47829 DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the u... | 7.8 | HIGH | — | 0 |
| CVE-2021-47828 BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem... | 7.8 | HIGH | — | 0 |
| CVE-2021-47826 Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2021-47825 Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\P... | 7.8 | HIGH | — | 0 |
| CVE-2021-47823 Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path i... | 7.8 | HIGH | — | 0 |
| CVE-2021-47822 DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
| CVE-2024-44238 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory. | 7.8 | HIGH | — | 0 |
| CVE-2025-68921 SteelSeries Nahimic 3 1.10.7 allows Directory traversal. | 7.8 | HIGH | — | 0 |
| CVE-2026-0975 Delta Electronics DIAView has Command Injection vulnerability. | 7.8 | HIGH | — | 0 |
| CVE-2026-0405 An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. | 7.8 | HIGH | — | 0 |
| CVE-2025-10865 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting... | 7.8 | HIGH | — | 0 |
| CVE-2021-47810 WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted pa... | 7.8 | HIGH | — | 0 |
| CVE-2021-47809 Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2021-47807 Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2021-47806 Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unqu... | 7.8 | HIGH | — | 0 |
| CVE-2021-47792 Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service pat... | 7.8 | HIGH | — | 0 |
| CVE-2021-47790 Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured servic... | 7.8 | HIGH | — | 0 |
| CVE-2021-47805 Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2021-47787 TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path seg... | 7.8 | HIGH | — | 0 |
| CVE-2021-47780 Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly con... | 7.8 | HIGH | — | 0 |
| CVE-2020-36930 SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | — | 0 |
| CVE-2020-36929 Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | — | 0 |
| CVE-2020-36928 Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x... | 7.8 | HIGH | — | 0 |
| CVE-2020-36927 DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can explo... | 7.8 | HIGH | — | 0 |
| CVE-2022-50921 WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted bina... | 7.8 | HIGH | — | 0 |
| CVE-2022-50928 BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the u... | 7.8 | HIGH | — | 0 |
| CVE-2022-50931 TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3cl... | 7.8 | HIGH | — | 0 |
| CVE-2022-50933 Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary... | 7.8 | HIGH | — | 0 |
| CVE-2023-54331 Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted serv... | 7.8 | HIGH | — | 0 |
| CVE-2025-33206 NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privil... | 7.8 | HIGH | — | 0 |
| CVE-2021-47773 Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers c... | 7.8 | HIGH | — | 0 |
| CVE-2021-47767 10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquot... | 7.8 | HIGH | — | 0 |
| CVE-2026-33298 llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a G... | 7.8 | HIGH | — | 0 |
| CVE-2026-21533 Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | KEV | 0 |
| CVE-2025-63261 AWStats 8.0 is vulnerable to Command Injection via the open function | 7.8 | HIGH | — | 0 |
| CVE-2026-3476 A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially cra... | 7.8 | HIGH | — | 0 |
| CVE-2026-21519 Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | KEV | 0 |
| CVE-2016-20033 Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions g... | 7.8 | HIGH | — | 0 |
| CVE-2025-69783 A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthori... | 7.8 | HIGH | — | 0 |
| CVE-2026-20700 A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memo... | 7.8 | HIGH | KEV | 0 |
| CVE-2026-4295 Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted proj... | 7.8 | HIGH | — | 0 |
| CVE-2025-66342 A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitra... | 7.8 | HIGH | — | 0 |
| CVE-2026-23665 Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-23862 Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local... | 7.8 | HIGH | — | 0 |
| CVE-2019-25612 Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload ... | 7.8 | HIGH | — | 0 |
| CVE-2026-30874 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable fil... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.