CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-41727 A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access. | 7.8 | HIGH | β | 0 |
| CVE-2021-47773 Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers c... | 7.8 | HIGH | β | 0 |
| CVE-2025-67264 An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via... | 7.8 | HIGH | β | 0 |
| CVE-2025-47348 Memory corruption while processing identity credential operations in the trusted application. | 7.8 | HIGH | β | 0 |
| CVE-2025-47356 Memory Corruption when multiple threads concurrently access and modify shared resources. | 7.8 | HIGH | β | 0 |
| CVE-2025-47380 Memory corruption while preprocessing IOCTLs in sensors. | 7.8 | HIGH | β | 0 |
| CVE-2025-47388 Memory corruption while passing pages to DSP with an unaligned starting address. | 7.8 | HIGH | β | 0 |
| CVE-2025-47394 Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | 7.8 | HIGH | β | 0 |
| CVE-2026-1361 ASDA-Soft Stack-based Buffer Overflow Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2025-47396 Memory corruption occurs when a secure application is launched on a device with insufficient memory. | 7.8 | HIGH | β | 0 |
| CVE-2026-20613 The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or malic... | 7.8 | HIGH | β | 0 |
| CVE-2021-47780 Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly con... | 7.8 | HIGH | β | 0 |
| CVE-2020-36974 Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit ... | 7.8 | HIGH | β | 0 |
| CVE-2020-36930 SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq... | 7.8 | HIGH | β | 0 |
| CVE-2021-47847 Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the... | 7.8 | HIGH | β | 0 |
| CVE-2020-36929 Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exp... | 7.8 | HIGH | β | 0 |
| CVE-2025-48647 In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no add... | 7.8 | HIGH | β | 0 |
| CVE-2020-36928 Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x... | 7.8 | HIGH | β | 0 |
| CVE-2025-12793 An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially result... | 7.8 | HIGH | β | 0 |
| CVE-2020-36927 DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can explo... | 7.8 | HIGH | β | 0 |
| CVE-2025-33234 NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege... | 7.8 | HIGH | β | 0 |
| CVE-2021-47823 Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path i... | 7.8 | HIGH | β | 0 |
| CVE-2025-57836 An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL... | 7.8 | HIGH | β | 0 |
| CVE-2026-0405 An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. | 7.8 | HIGH | β | 0 |
| CVE-2021-47825 Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\P... | 7.8 | HIGH | β | 0 |
| CVE-2020-36980 SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit t... | 7.8 | HIGH | β | 0 |
| CVE-2025-33206 NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privil... | 7.8 | HIGH | β | 0 |
| CVE-2020-36979 Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executable... | 7.8 | HIGH | β | 0 |
| CVE-2025-68921 SteelSeries Nahimic 3 1.10.7 allows Directory traversal. | 7.8 | HIGH | β | 0 |
| CVE-2025-33233 NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalat... | 7.8 | HIGH | β | 0 |
| CVE-2024-44238 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory. | 7.8 | HIGH | β | 0 |
| CVE-2020-36977 Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can ex... | 7.8 | HIGH | β | 0 |
| CVE-2025-62842 An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read ... | 7.8 | HIGH | β | 0 |
| CVE-2026-0975 Delta Electronics DIAView has Command Injection vulnerability. | 7.8 | HIGH | β | 0 |
| CVE-2026-0648 The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_... | 7.8 | HIGH | β | 0 |
| CVE-2021-47822 DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | β | 0 |
| CVE-2021-47863 MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the... | 7.8 | HIGH | β | 0 |
| CVE-2025-67450 Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been ... | 7.8 | HIGH | β | 0 |
| CVE-2021-47859 ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted bi... | 7.8 | HIGH | β | 0 |
| CVE-2021-47861 Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot... | 7.8 | HIGH | β | 0 |
| CVE-2025-14026 Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interfa... | 7.8 | HIGH | β | 0 |
| CVE-2021-47862 Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted pa... | 7.8 | HIGH | β | 0 |
| CVE-2021-47864 OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject an... | 7.8 | HIGH | β | 0 |
| CVE-2021-47866 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the ... | 7.8 | HIGH | β | 0 |
| CVE-2021-47867 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the un... | 7.8 | HIGH | β | 0 |
| CVE-2021-47868 WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unq... | 7.8 | HIGH | β | 0 |
| CVE-2021-47869 Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a mali... | 7.8 | HIGH | β | 0 |
| CVE-2021-47874 VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit ... | 7.8 | HIGH | β | 0 |
| CVE-2025-47393 Memory corruption when accessing resources in kernel driver. | 7.8 | HIGH | β | 0 |
| CVE-2021-47878 eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can ex... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.