Search Results (2 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-47889 2 Cd-messenger Project, Softros Systems 2 Cd-messenger, Lan Messenger 2026-07-15 7.8 High
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
CVE-2020-7675 1 Cd-messenger Project 1 Cd-messenger 2024-11-21 9.8 Critical
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution.