CVSS: 8.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-30248
https://notcve.org/view.php?id=CVE-2025-30248
26 Jan 2026 — DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted DLL in the installer's search path. • https://www.westerndigital.com/support/product-security/wdc-25008-wd-discovery-desktop-app-version-5-3 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-23888 – pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)
https://notcve.org/view.php?id=CVE-2026-23888
26 Jan 2026 — It can lead to overwriting config files, scripts, or other sensitive files leading to RCE. Version 10.28.1 contains a patch. • https://github.com/pnpm/pnpm/commit/5c382f0ca3b7cc49963b94677426e66539dcb3f5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal • CWE-426: Untrusted Search Path •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2020-36959 – IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-36959
26 Jan 2026 — IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account permissions during service startup. • https://www.exploit-db.com/exploits/49191 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2020-36958 – Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-36958
26 Jan 2026 — Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. • https://www.exploit-db.com/exploits/49205 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2020-36953 – MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-36953
26 Jan 2026 — MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. • https://www.exploit-db.com/exploits/49336 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-1284 – Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026
https://notcve.org/view.php?id=CVE-2026-1284
26 Jan 2026 — An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1284 • CWE-787: Out-of-bounds Write •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-1283 – Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026
https://notcve.org/view.php?id=CVE-2026-1283
26 Jan 2026 — A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1283 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2016-15057 – Apache Continuum: Command injection leading to RCE
https://notcve.org/view.php?id=CVE-2016-15057
26 Jan 2026 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the server. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. • https://lists.apache.org/thread/hbvf1ztqw2kv51khvzm5nk3mml3nm4z1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-1423 – code-projects Online Examination System admin_pic.php unrestricted upload
https://notcve.org/view.php?id=CVE-2026-1423
26 Jan 2026 — A vulnerability was determined in code-projects Online Examination System 1.0. ... The attack may be performed from remote. • https://code-projects.org • CWE-284: Improper Access Control • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2020-36937 – MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-36937
25 Jan 2026 — Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. • https://www.exploit-db.com/exploits/49016 • CWE-428: Unquoted Search Path or Element •
