CVE-2020-37059 – Popcorn Time 6.2 – ‘Update service’ Unquoted Service Path

CVE ID : CVE-2020-37059

Published : Jan. 30, 2026, 4:16 p.m. | 54 minutes ago

Description : Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-1690 – Tenda HG10 formSysCmd system command injection

CVE-2026-1689 – Tenda HG10 Login formLogin checkUserFromLanOrWan command injection

CVE-2020-37060 – Atomic Alarm Clock x86 6.3 – ‘AtomicAlarmClock’ Unquoted Service Path

CVE-2020-37058 – Andrea ST Filters Service 1.0.64.7 – Unquoted service path