|
1701
|
7.8 |
HIGH
Local
|
-
|
-
|
Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate dir…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2019-25747
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1702
|
7.8 |
HIGH
Local
|
-
|
-
|
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37251
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1703
|
7.8 |
HIGH
Local
|
-
|
-
|
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the P…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37253
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1704
|
7.8 |
HIGH
Local
|
-
|
-
|
Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable i…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2021-47985
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1705
|
7.8 |
HIGH
Local
|
-
|
-
|
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2023-54353
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1706
|
7.1 |
HIGH
Network
|
-
|
-
|
gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints `/rest/deletePlaylist.view` and `/rest/getPlaylist.view` perf…
New
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-49338
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1707
|
8.1 |
HIGH
Network
|
-
|
-
|
gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (i…
New
|
CWE-22
CWE-697
CWE-732
Path Traversal
Incorrect Comparison
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-49340
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1708
|
- |
|
-
|
-
|
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulner…
New
|
CWE-78
OS Command
|
CVE-2026-48787
|
2026-06-24 00:42 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1709
|
- |
|
-
|
-
|
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data …
New
|
CWE-148
|
CVE-2026-12862
|
2026-06-24 00:42 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1710
|
- |
|
-
|
-
|
An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.
New
|
CWE-601
Open Redirect
|
CVE-2026-12863
|
2026-06-24 00:42 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
