CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5180 – Wondershare Filmora Installer NFWCHK.exe uncontrolled search path
https://notcve.org/view.php?id=CVE-2025-5180
26 May 2025 — A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. • https://gist.github.com/shellkraft/aa66561e984e83052bd080f195a3ec80 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-23438
https://notcve.org/view.php?id=CVE-2020-23438
04 Mar 2025 — Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation. • https://cvewalkthrough.com/cve-2020-23438-wondershare-filmora-9-2-11-trojan-dll-hijacking-leading-to-privilege-escalation • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0834 – Wondershare Dr.Fone Privilege Scalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-0834
30 Jan 2025 — Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically. • https://www.incibe.es/en/incibe-cert/notices/aviso/wondershare-drfone-privilege-scalation-vulnerability • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-26574
https://notcve.org/view.php?id=CVE-2024-26574
08 Apr 2024 — Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe La vulnerabilidad de permisos inseguros en Wondershare Filmora v.13.0.51 permite a un atacante local ejecutar código arbitrario a través de un script manipulado en WSNativePushService.exe • https://github.com/Alaatk/CVE-2024-26574 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2023-31747 – Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-31747
19 May 2023 — Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. Filmora version 12 Build 1.0.0.7 suffers from an unquoted service path vulnerability. • https://packetstorm.news/files/id/172464 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2023-31748 – MobileTrans 4.0.11 - Weak Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-31748
19 May 2023 — Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. MobileTrans version 4.0.11 suffers from having a weak service permission vulnerability. • https://packetstorm.news/files/id/172466 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29835
https://notcve.org/view.php?id=CVE-2023-29835
26 Apr 2023 — Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. • https://github.com/IthacaLabs/Wondershare/tree/main/Dr.Fone •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27763
https://notcve.org/view.php?id=CVE-2023-27763
04 Apr 2023 — An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. • https://github.com/liong007/Wondershare/issues/5 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27766
https://notcve.org/view.php?id=CVE-2023-27766
04 Apr 2023 — An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. • https://github.com/liong007/Wondershare/issues/2 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27770
https://notcve.org/view.php?id=CVE-2023-27770
04 Apr 2023 — An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. • https://github.com/liong007/Wondershare/issues/10 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-426: Untrusted Search Path •