Export limit exceeded: 363807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (37 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44595 1 Wondershare 1 Dr.fone 2026-07-05 8.8 High
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
CVE-2021-44596 1 Wondershare 1 Dr.fone 2026-07-04 9.8 Critical
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges
CVE-2020-37254 1 Wondershare 1 Pdfelement 2026-06-23 7.8 High
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.
CVE-2022-50904 1 Wondershare 1 Ubackit 2026-04-15 8.4 High
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
CVE-2022-50690 1 Wondershare 1 Mirrorgo 2026-04-15 8.4 High
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.
CVE-2019-25266 1 Wondershare 1 Application Framework Service 2026-04-15 7.8 High
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
CVE-2025-0834 1 Wondershare 1 Dr.fone 2026-04-15 7.8 High
Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically.
CVE-2022-50902 1 Wondershare 1 Famisafe 2026-04-15 8.4 High
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.
CVE-2020-36977 1 Wondershare 1 Driver Install Service Help 2026-04-15 7.8 High
Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.
CVE-2022-50903 1 Wondershare 1 Mobiletrans 2026-03-05 8.4 High
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.
CVE-2022-50901 1 Wondershare 1 Dr.fone 2026-03-05 8.4 High
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
CVE-2022-50900 1 Wondershare 1 Dr.fone 2026-03-05 8.4 High
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.
CVE-2019-25344 1 Wondershare 2 Mobilego, Mobiletrans 2026-03-05 7.8 High
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.
CVE-2025-10643 1 Wondershare 1 Repairit 2025-09-19 N/A
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to a storage account token. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26902.
CVE-2025-10644 1 Wondershare 1 Repairit 2025-09-19 N/A
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack and execute arbitrary code on customers' endpoints. Was ZDI-CAN-26892.
CVE-2025-5180 2 Microsoft, Wondershare 2 Windows, Filmora 2025-06-03 7 High
A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-26574 1 Wondershare 1 Filmora 2025-03-28 7.8 High
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe
CVE-2020-23438 1 Wondershare 1 Filmora 2025-03-26 7.8 High
Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation.
CVE-2023-27010 1 Wondershare 1 Dr.fone 2025-03-03 7.8 High
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
CVE-2023-27759 1 Wondershare 1 Edrawmind 2025-02-14 7.8 High
An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file.