Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47879 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
|
|||||
| CVE-2021-47864 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.
|
|||||
| CVE-2021-47866 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.
|
|||||
| CVE-2021-47867 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.
|
|||||
| CVE-2021-47874 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.
|
|||||
| CVE-2021-47859 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escalate privileges.
|
|||||
| CVE-2021-47882 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
|
|||||
| CVE-2021-47883 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.
|
|||||
| CVE-2021-47889 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.
|
|||||
| CVE-2020-36933 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.
|
|||||
| CVE-2021-47898 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.
|
|||||
| CVE-2021-47890 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
|
|||||
| CVE-2020-36936 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.
|
|||||
| CVE-2020-36937 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges.
|
|||||
| CVE-2020-36934 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
|
|||||
| CVE-2020-36935 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.
|
|||||
| CVE-2021-47896 | 2026-01-26 | N/A | 7.8 HIGH | ||
|
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.
|
|||||
| CVE-2021-47773 | 1 Dynojet | 1 Power Core | 2026-01-23 | N/A | 7.8 HIGH |
|
Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access.
|
|||||
| CVE-2021-47780 | 1 Macro-expert | 1 Macro Expert | 2026-01-21 | N/A | 7.8 HIGH |
|
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup.
|
|||||
| CVE-2021-47805 | 1 Flexense | 1 Disksavvy | 2026-01-21 | N/A | 7.8 HIGH |
|
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges.
|
|||||
| CVE-2024-58315 | 2 Microsoft, Tosi | 2 Windows, Tosibox Key | 2026-01-16 | N/A | 7.8 HIGH |
|
Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.
|
|||||
| CVE-2025-43993 | 1 Dell | 28 Latitude 5350, Latitude 5350 Firmware, Latitude 5550 and 25 more | 2026-01-16 | N/A | 7.8 HIGH |
|
Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code Execution.
|
|||||
| CVE-2021-47762 | 2026-01-16 | N/A | 7.8 HIGH | ||
|
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system.
|
|||||
| CVE-2021-47803 | 2026-01-16 | N/A | 7.8 HIGH | ||
|
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts.
|
|||||
| CVE-2021-47804 | 2026-01-16 | N/A | 7.8 HIGH | ||
|
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restarts.
|
|||||
| CVE-2023-54338 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.
|
|||||
| CVE-2022-50913 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.
|
|||||
| CVE-2023-53984 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.
|
|||||
| CVE-2023-54336 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.
|
|||||
| CVE-2022-50914 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
|
|||||
| CVE-2022-50924 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
|
|||||
| CVE-2022-50918 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific system directories to gain LocalSystem access during service startup.
|
|||||
| CVE-2022-50904 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
|
|||||
| CVE-2022-50930 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
|
|||||
| CVE-2022-50693 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges.
|
|||||
| CVE-2022-50929 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject malicious executables and escalate privileges.
|
|||||
| CVE-2022-50920 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
|
|||||
| CVE-2022-50938 | 2026-01-14 | N/A | 8.4 HIGH | ||
|
CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system privileges during service startup.
|
|||||
| CVE-2022-50935 | 2026-01-14 | N/A | 9.8 CRITICAL | ||
|
Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.
|
|||||
| CVE-2019-25231 | 2026-01-08 | N/A | 8.4 HIGH | ||
|
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
|
|||||