|
2421
|
7.8 |
HIGH
Local
|
-
|
-
|
Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executabl…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20088
|
2026-06-23 06:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2422
|
7.8 |
HIGH
Local
|
-
|
-
|
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local att…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20090
|
2026-06-23 06:16 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2423
|
8.8 |
HIGH
Network
|
-
|
-
|
PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_…
|
CWE-863
Incorrect Authorization
|
CVE-2026-56075
|
2026-06-23 06:15 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2424
|
8.1 |
HIGH
Network
|
-
|
-
|
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks au…
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-56076
|
2026-06-23 06:15 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2425
|
7.8 |
HIGH
Local
|
-
|
-
|
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service pat…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20085
|
2026-06-23 06:14 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2426
|
7.8 |
HIGH
Local
|
-
|
-
|
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can p…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-37250
|
2026-06-23 06:14 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2427
|
7.8 |
HIGH
Local
|
-
|
-
|
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers c…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20091
|
2026-06-23 06:14 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2428
|
4.8 |
MEDIUM
Physics
|
-
|
-
|
capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded() method fails to validate CryptoObject parameters. Attackers can hook t…
|
CWE-287
Improper Authentication
|
CVE-2026-56294
|
2026-06-23 06:14 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2429
|
- |
|
-
|
-
|
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.
|
CWE-79
Cross-site Scripting
|
CVE-2026-8296
|
2026-06-23 05:44 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2430
|
- |
|
-
|
-
|
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in th…
|
CWE-285
Improper Authorization
|
CVE-2026-12673
|
2026-06-23 05:44 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|