Total
422 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54338 | 1 Tftpd32 | 1 Tftpd32 | 2026-04-07 | 8.4 High |
| Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions. | ||||
| CVE-2023-53984 | 1 Clevo | 1 Hotkey Clipboard | 2026-04-07 | 8.4 High |
| Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations. | ||||
| CVE-2023-53954 | 1 Actfax | 1 Actfax | 2026-04-07 | 6.2 Medium |
| ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts. | ||||
| CVE-2023-53947 | 1 Ocsinventory-ng | 2 Ocs Inventory Ng, Ocsinventory Ng | 2026-04-07 | 8.4 High |
| OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges. | ||||
| CVE-2023-53946 | 1 Arcsoft | 1 Photostudio | 2026-04-07 | 8.4 High |
| Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions. | ||||
| CVE-2023-53912 | 2 Malwarebytes, Microsoft | 2 Binosoft Usb Flash Drives Control, Windows | 2026-04-07 | 6.2 Medium |
| USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems. | ||||
| CVE-2022-50917 | 2 Proton, Protonvpn | 2 Protonvpn, Protonvpn | 2026-04-07 | 7.8 High |
| ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup. | ||||
| CVE-2022-50915 | 1 Primera | 1 Ptpublisher | 2026-04-07 | 7.8 High |
| PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access. | ||||
| CVE-2022-50914 | 1 Easeus | 1 Data Recovery | 2026-04-07 | 8.4 High |
| EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. | ||||
| CVE-2021-47864 | 1 Osas | 1 Traverse Extension | 2026-04-07 | 7.8 High |
| OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access. | ||||
| CVE-2021-47863 | 1 Macpaw | 1 Encrypto | 2026-04-07 | 7.8 High |
| MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems. | ||||
| CVE-2021-47787 | 1 Totalav | 1 Totalav | 2026-04-07 | 7.8 High |
| TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration. | ||||
| CVE-2021-47762 | 1 Httpdebugger | 1 Httpdebuggerpro | 2026-04-07 | 7.8 High |
| HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system. | ||||
| CVE-2020-36983 | 2 Pablo Software Solutions, Pablosoftwaresolutions | 2 Quick N Easy Ftp Server, Quick \'n Easy Web Server | 2026-04-07 | 7.8 High |
| Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart. | ||||
| CVE-2020-36975 | 1 Epson | 1 Status Monitor 3 | 2026-04-07 | 7.8 High |
| EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36953 | 1 Minitool | 1 Shadowmaker | 2026-04-07 | 7.8 High |
| MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36952 | 1 Iobit | 2 Iobit Unlocker, Uninstaller | 2026-04-07 | 7.8 High |
| IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup. | ||||
| CVE-2016-20058 | 1 Netgate | 1 Netgate Amiti Antivirus | 2026-04-07 | 7.8 High |
| Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20057 | 1 Netgate | 1 Netgate Registry Cleaner | 2026-04-07 | 7.8 High |
| NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20060 | 2 Hotspotshield, Pango | 2 Hotspot Shield, Hotspot Shield | 2026-04-07 | 7.8 High |
| Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges. | ||||