Monthly
Unquoted service path vulnerability in AVACAST by eMPIA Technology enables local privilege escalation from high-privileged user to SYSTEM. Attackers with administrative access can plant malicious executables in unquoted paths, achieving arbitrary code execution with system-level privileges upon service restart. Taiwan CERT (TWCERT) published advisories confirming the vulnerability. No public exploit code identified at time of analysis, and exploitation requires existing administrative privileges, limiting practical risk to environments where privileged user compromise is a concern.
Local privilege escalation in CivetWeb v1.16 service allows authenticated users to execute arbitrary code with SYSTEM privileges via unquoted service path exploitation. The Windows service configuration lacks quotes around 'C:\Program Files\CivetWeb\CivetWeb.exe', enabling attackers to place malicious executables in directories scanned before the intended path (e.g., 'C:\Program.exe' or 'C:\Program Files\CivetWeb.exe'). No public exploit identified at time of analysis, though EPSS data not available. Patch available per vendor advisory from INCIBE.
Electron's setLoginItemSettings() function on Windows fails to quote executable paths in the Run registry key, allowing local attackers with write access to ancestor directories to execute arbitrary programs at login if the app is installed to a path containing spaces. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, and requires high-privilege access and unfavorable conditions (non-standard install paths) to exploit, making real-world impact limited to non-default Windows configurations.
Small HTTP Server 3.06.36 allows local attackers with low privileges to execute arbitrary code through an unquoted service path vulnerability in the http.exe service executable. By placing a malicious executable in a higher-priority directory along the unquoted path 'C:\Program Files (x86)\shttps_mg\http.exe service', attackers can achieve full system compromise with high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and CISA SSVC framework indicates no current exploitation, though technical impact is rated as total.
Small HTTP Server 3.06.36 contains an unquoted service path vulnerability (CWE-428) allowing local authenticated attackers to execute arbitrary code with elevated privileges by placing malicious executables in higher-priority directories. Despite a CVSS 4.0 score of 8.7, real-world risk is significantly lower with only 0.02% EPSS probability (4th percentile) and no public exploit identified at time of analysis. INCIBE has reported this vulnerability with patches available from the vendor.
A remote code execution vulnerability (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Serviio PRO 1.8 and earlier versions contain an unquoted service path vulnerability combined with insecure directory permissions that allows local authenticated users to escalate privileges to SYSTEM level. A public exploit is available, making this vulnerability easily exploitable by any authenticated user on the system. With a CVSS score of 7.8 and multiple proof-of-concept exploits published, this represents a significant risk for organizations running affected versions.
Local privilege escalation in MobaXterm before 26.1 allows authenticated users with file system write access to execute arbitrary code by DLL hijacking the Notepad++ launch process. When opening remote files, MobaXterm calls WinExec without a fully qualified path, enabling attackers to place malicious executables in the search path to achieve code execution in the victim user's context. EPSS score of 0.01% (2nd percentile) indicates low probability of imminent widespread exploitation, consistent with the local attack vector requiring pre-existing system access. No active exploitation confirmed in CISA KEV; public exploit code status unknown.
Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) contains a security vulnerability (CVSS 6.7).
Unquoted service path handling in IJ Scan Utility versions 1.1.2 through 1.5.0 on Windows allows privileged local attackers to achieve arbitrary code execution by placing a malicious executable in a predictable directory location. An authenticated user with high privileges could exploit this weakness to execute commands with the same permissions as the vulnerable service. No patch is currently available for this issue.
Unquoted service path vulnerability in AVACAST by eMPIA Technology enables local privilege escalation from high-privileged user to SYSTEM. Attackers with administrative access can plant malicious executables in unquoted paths, achieving arbitrary code execution with system-level privileges upon service restart. Taiwan CERT (TWCERT) published advisories confirming the vulnerability. No public exploit code identified at time of analysis, and exploitation requires existing administrative privileges, limiting practical risk to environments where privileged user compromise is a concern.
Local privilege escalation in CivetWeb v1.16 service allows authenticated users to execute arbitrary code with SYSTEM privileges via unquoted service path exploitation. The Windows service configuration lacks quotes around 'C:\Program Files\CivetWeb\CivetWeb.exe', enabling attackers to place malicious executables in directories scanned before the intended path (e.g., 'C:\Program.exe' or 'C:\Program Files\CivetWeb.exe'). No public exploit identified at time of analysis, though EPSS data not available. Patch available per vendor advisory from INCIBE.
Electron's setLoginItemSettings() function on Windows fails to quote executable paths in the Run registry key, allowing local attackers with write access to ancestor directories to execute arbitrary programs at login if the app is installed to a path containing spaces. The vulnerability affects Electron versions prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, and requires high-privilege access and unfavorable conditions (non-standard install paths) to exploit, making real-world impact limited to non-default Windows configurations.
Small HTTP Server 3.06.36 allows local attackers with low privileges to execute arbitrary code through an unquoted service path vulnerability in the http.exe service executable. By placing a malicious executable in a higher-priority directory along the unquoted path 'C:\Program Files (x86)\shttps_mg\http.exe service', attackers can achieve full system compromise with high confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and CISA SSVC framework indicates no current exploitation, though technical impact is rated as total.
Small HTTP Server 3.06.36 contains an unquoted service path vulnerability (CWE-428) allowing local authenticated attackers to execute arbitrary code with elevated privileges by placing malicious executables in higher-priority directories. Despite a CVSS 4.0 score of 8.7, real-world risk is significantly lower with only 0.02% EPSS probability (4th percentile) and no public exploit identified at time of analysis. INCIBE has reported this vulnerability with patches available from the vendor.
A remote code execution vulnerability (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Serviio PRO 1.8 and earlier versions contain an unquoted service path vulnerability combined with insecure directory permissions that allows local authenticated users to escalate privileges to SYSTEM level. A public exploit is available, making this vulnerability easily exploitable by any authenticated user on the system. With a CVSS score of 7.8 and multiple proof-of-concept exploits published, this represents a significant risk for organizations running affected versions.
Local privilege escalation in MobaXterm before 26.1 allows authenticated users with file system write access to execute arbitrary code by DLL hijacking the Notepad++ launch process. When opening remote files, MobaXterm calls WinExec without a fully qualified path, enabling attackers to place malicious executables in the search path to achieve code execution in the victim user's context. EPSS score of 0.01% (2nd percentile) indicates low probability of imminent widespread exploitation, consistent with the local attack vector requiring pre-existing system access. No active exploitation confirmed in CISA KEV; public exploit code status unknown.
Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) contains a security vulnerability (CVSS 6.7).
Unquoted service path handling in IJ Scan Utility versions 1.1.2 through 1.5.0 on Windows allows privileged local attackers to achieve arbitrary code execution by placing a malicious executable in a predictable directory location. An authenticated user with high privileges could exploit this weakness to execute commands with the same permissions as the vulnerable service. No patch is currently available for this issue.