Search Results (456 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-47823 1 Acer 1 Epowersvc 2026-04-15 7.8 High
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
CVE-2021-47822 1 Diskboss 1 Diskboss Service 2026-04-15 7.8 High
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup.
CVE-2021-47803 1 I-funbox 1 Ifunbox 2026-04-15 7.8 High
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts.
CVE-2019-25231 2026-04-15 8.4 High
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
CVE-2021-47898 1 Epson 1 Usb Display 2026-04-15 7.8 High
Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.
CVE-2024-3640 2026-04-15 N/A
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability.
CVE-2021-47890 1 Softros Systems 1 Logonexpert 2026-04-15 7.8 High
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
CVE-2019-25276 1 Rockwellautomation 2 Factorytalk Activation, Studio 2026-04-15 7.8 High
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.
CVE-2025-32449 1 Intel 1 Pri Driver 2026-04-15 6.7 Medium
Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2019-25309 1 Zilab Software 1 Zilab Remote Console Server 2026-04-15 7.8 High
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
CVE-2025-12286 1 Veepn 1 Veepn 2026-04-15 7 High
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-50914 1 Easeus 1 Data Recovery 2026-04-15 8.4 High
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
CVE-2020-36903 1 Microsoft 1 Windows 2026-04-15 8.4 High
Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.
CVE-2022-50920 2 Sandboxie, Sandboxie-plus 2 Sandboxie, Sandboxie 2026-04-15 8.4 High
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2024-22437 2026-04-15 7.3 High
A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.
CVE-2022-50913 1 Itec 1 Tcq 2026-04-15 8.4 High
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.
CVE-2024-4031 2026-04-15 4.4 Medium
Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.
CVE-2025-9818 2 Microsoft, Omron 2 Windows, Poweract Pro Master Agent 2026-04-15 6.7 Medium
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces.
CVE-2024-36321 2026-04-15 7.3 High
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
CVE-2025-0035 2026-04-15 7.3 High
Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.