8.6
CVE-2022-50925 - Prowise Reflect v1.0.9 - Remote Keystroke Injection
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specificβ¦
8.5
CVE-2022-50924 - Private Internet Access 3.3 - 'pia-service' Unquoted Service Path
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSysteβ¦
8.5
CVE-2022-50923 - Cobian Backup 0.9 - Unquoted Service Path
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions dβ¦
8.6
CVE-2022-50922 - Audio Conversion Wizard v2.01 - Buffer Overflow
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote code β¦
8.5
CVE-2022-50921 - WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during sβ¦
8.5
CVE-2022-50920 - Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during β¦
9.3
CVE-2022-50919 - Tdarr 2.00.15 - Command Injection
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without autβ¦
8.5
CVE-2022-50918 - VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access dβ¦
8.5
CVE-2022-50917 - ProtonVPN 1.26.0 - Unquoted Service Path
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privβ¦
8.7
CVE-2022-50916 - e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.php β¦