Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26033 | 2026-03-05 | N/A | 6.7 MEDIUM | ||
|
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.
|
|||||
| CVE-2026-1585 | 2026-03-03 | N/A | 6.7 MEDIUM | ||
|
An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.
|
|||||
| CVE-2022-50923 | 1 Cobiansoft | 1 Cobian Backup | 2026-03-02 | N/A | 7.8 HIGH |
|
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.
|
|||||
| CVE-2022-50917 | 1 Proton | 1 Protonvpn | 2026-03-02 | N/A | 7.8 HIGH |
|
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.
|
|||||
| CVE-2022-50915 | 1 Primera | 1 Ptpublisher | 2026-03-02 | N/A | 7.8 HIGH |
|
PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access.
|
|||||
| CVE-2019-25308 | 1 Mikogo | 1 Mikogo | 2026-02-26 | N/A | 7.8 HIGH |
|
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
|
|||||
| CVE-2019-25261 | 1 Anydesk | 1 Anydesk | 2026-02-25 | N/A | 7.8 HIGH |
|
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.
|
|||||
| CVE-2025-12286 | 2026-02-24 | 6.0 MEDIUM | 7.0 HIGH | ||
|
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2020-37100 | 1 Flexense | 1 Syncbreeze | 2026-02-20 | N/A | 7.8 HIGH |
|
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.
|
|||||
| CVE-2026-2542 | 2026-02-18 | 6.0 MEDIUM | 7.0 HIGH | ||
|
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on the local host. This attack is characterized by high complexity. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2019-25267 | 1 Wftpserver | 1 Wing Ftp Server | 2026-02-18 | N/A | 7.8 HIGH |
|
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
|
|||||
| CVE-2025-59888 | 1 Eaton | 1 Ups Companion | 2026-02-18 | N/A | 6.7 MEDIUM |
|
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the
file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.
|
|||||
| CVE-2019-25345 | 2026-02-13 | N/A | 7.8 HIGH | ||
|
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
|
|||||
| CVE-2019-25307 | 2026-02-11 | N/A | 7.8 HIGH | ||
|
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
|
|||||
| CVE-2019-25309 | 2026-02-11 | N/A | 7.8 HIGH | ||
|
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
|
|||||
| CVE-2019-25310 | 2026-02-11 | N/A | 7.8 HIGH | ||
|
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
|
|||||
| CVE-2019-25306 | 2026-02-11 | N/A | 7.8 HIGH | ||
|
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
|
|||||
| CVE-2020-37017 | 2026-02-09 | N/A | 7.8 HIGH | ||
|
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
|
|||||
| CVE-2026-24466 | 2026-02-09 | N/A | 6.7 MEDIUM | ||
|
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
|
|||||
| CVE-2020-36927 | 1 Flexense | 1 Diskpulse | 2026-02-09 | N/A | 7.8 HIGH |
|
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.
|
|||||
| CVE-2020-36928 | 1 Brother | 1 Bragent | 2026-02-09 | N/A | 7.8 HIGH |
|
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
|
|||||
| CVE-2020-36929 | 1 Brother | 1 Brprint Auditor | 2026-02-09 | N/A | 7.8 HIGH |
|
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
|
|||||
| CVE-2020-36930 | 1 Flexense | 1 Sysgauge | 2026-02-09 | N/A | 7.8 HIGH |
|
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.
|
|||||
| CVE-2021-47787 | 1 Totalav | 1 Totalav | 2026-02-09 | N/A | 7.8 HIGH |
|
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
|
|||||
| CVE-2019-25305 | 2026-02-06 | N/A | 7.8 HIGH | ||
|
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.
|
|||||
| CVE-2019-25266 | 2026-02-06 | N/A | 7.8 HIGH | ||
|
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
|
|||||
| CVE-2019-25293 | 2026-02-06 | N/A | 7.8 HIGH | ||
|
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges.
|
|||||
| CVE-2019-25304 | 2026-02-06 | N/A | 7.8 HIGH | ||
|
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup.
|
|||||
| CVE-2019-25292 | 2026-02-06 | N/A | 7.8 HIGH | ||
|
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access.
|
|||||
| CVE-2019-25302 | 2026-02-06 | N/A | 7.8 HIGH | ||
|
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.
|
|||||
| CVE-2025-36384 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 8.4 HIGH |
|
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
|
|||||
| CVE-2019-25274 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
|
|||||
| CVE-2019-25287 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup.
|
|||||
| CVE-2019-25272 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.
|
|||||
| CVE-2019-25271 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
|
|||||
| CVE-2019-25286 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
|
|||||
| CVE-2019-25273 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.
|
|||||
| CVE-2019-25283 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.
|
|||||
| CVE-2019-25288 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.
|
|||||
| CVE-2019-25285 | 2026-02-05 | N/A | 7.8 HIGH | ||
|
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
|
|||||