Monthly
Local arbitrary code execution in Rockwell Automation Studio 5000 Logix Designer arises because the External Tools configuration stores executable paths that contain spaces without quoting (CWE-428). A low-privileged local user who can write a malicious binary into an earlier segment of the resolved search path can have Windows execute it in place of the intended tool, running code with the privileges of the operator using the application. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 score is 7.3 (High), tempered by local access, high attack complexity, a present attack requirement, and required active user interaction.
Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.
Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Local arbitrary code execution in Rockwell Automation Studio 5000 Logix Designer arises because the External Tools configuration stores executable paths that contain spaces without quoting (CWE-428). A low-privileged local user who can write a malicious binary into an earlier segment of the resolved search path can have Windows execute it in place of the intended tool, running code with the privileges of the operator using the application. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 score is 7.3 (High), tempered by local access, high attack complexity, a present attack requirement, and required active user interaction.
Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.
Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.