Search Results (456 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-53912 2 Malwarebytes, Microsoft 2 Binosoft Usb Flash Drives Control, Windows 2026-04-15 6.2 Medium
USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.
CVE-2020-37098 1 Disksorter 1 Disk Sorter 2026-04-15 7.8 High
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2020-37099 1 Disksavvy 1 Disksavvy Enterprise 2026-04-15 7.8 High
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
CVE-2023-53984 1 Clevo 1 Hotkey Clipboard 2026-04-15 8.4 High
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.
CVE-2020-36983 2 Pablo Software Solutions, Pablosoftwaresolutions 2 Quick N Easy Ftp Server, Quick \'n Easy Web Server 2026-04-15 7.8 High
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.
CVE-2025-57699 2 Microsoft, Western Digital 2 Windows, Kitfox 2026-04-15 N/A
Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.
CVE-2020-36984 1 Epson 1 Senadb 2026-04-15 7.8 High
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables that will run with LocalSystem permissions.
CVE-2020-36991 1 Sharemouse 1 Sharemouse 2026-04-15 7.8 High
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.
CVE-2020-36992 1 Nordvpn 1 Nordvpn 2026-04-15 7.8 High
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.
CVE-2025-1984 2026-04-15 5.2 Medium
Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.
CVE-2023-53946 1 Arcsoft 1 Photostudio 2026-04-15 8.4 High
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
CVE-2025-64151 2 Microsoft, Roboticsware 5 Windows, Ba-panel6, Fa-panel6 and 2 more 2026-04-15 N/A
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
CVE-2020-37060 1 Drive-software 1 Atomic Alarm Clock X86 2026-04-15 7.8 High
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access.
CVE-2022-50904 1 Wondershare 1 Ubackit 2026-04-15 8.4 High
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
CVE-2025-62225 2 Microsoft, Sony 2 Windows, Optical Disc Archive Software 2026-04-15 N/A
Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
CVE-2025-59307 2 Century, Microsoft 2 Raid Manager, Windows 2026-04-15 N/A
RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
CVE-2019-25309 1 Zilab Software 1 Zilab Remote Console Server 2026-04-15 7.8 High
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
CVE-2025-12286 1 Veepn 1 Veepn 2026-04-15 7 High
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-50935 1 Telcel 1 Flame Ii Modem Usb 2026-04-15 9.8 Critical
Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.
CVE-2025-66264 1 Megatec 1 Upsilon2000 2026-04-15 N/A
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.