Export limit exceeded: 361542 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2560 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53912 | 2 Malwarebytes, Microsoft | 2 Binosoft Usb Flash Drives Control, Windows | 2026-04-15 | 6.2 Medium |
| USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems. | ||||
| CVE-2019-25285 | 1 Alps | 1 Pointing-device Controller | 2026-04-15 | 7.8 High |
| Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots. | ||||
| CVE-2019-25283 | 1 Shrew | 1 Vpn Client | 2026-04-15 | 7.8 High |
| Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot. | ||||
| CVE-2019-25281 | 1 Ncp-e | 1 Ncp Secure Entry Client | 2026-04-15 | 7.8 High |
| NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2019-25272 | 1 Tenaxsoft | 1 Cyberplanet | 2026-04-15 | 7.8 High |
| TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges. | ||||
| CVE-2019-25269 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.8 High |
| Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2024-1618 | 2026-04-15 | 7.8 High | ||
| A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running. | ||||
| CVE-2024-21774 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-8299 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2026-04-15 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products. | ||||
| CVE-2025-8070 | 1 Asustor | 2 Abp, Aes | 2026-04-15 | N/A |
| The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces. Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier. | ||||
| CVE-2020-37037 | 1 Avast | 2 Secureline, Secureline Vpn | 2026-04-15 | 7.8 High |
| Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup. | ||||
| CVE-2023-53984 | 1 Clevo | 1 Hotkey Clipboard | 2026-04-15 | 8.4 High |
| Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations. | ||||
| CVE-2024-22167 | 2026-04-15 | 7.9 High | ||
| A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated. | ||||
| CVE-2025-8557 | 1 Lenovo | 1 Xclarity Orchestrator | 2026-04-15 | 8.8 High |
| An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks. | ||||
| CVE-2025-15569 | 1 Artifex | 1 Mupdf | 2026-04-15 | 7 High |
| A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended. | ||||
| CVE-2025-1542 | 2026-04-15 | N/A | ||
| Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in versions before 2.0.324.0. | ||||
| CVE-2025-10939 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 3.7 Low |
| A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to /realms which is expected to be exposed. | ||||
| CVE-2025-24923 | 1 Intel | 1 Ai For Erg Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-61865 | 2 Iodata, Microsoft | 2 Narsus App, Windows | 2026-04-15 | N/A |
| Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2024-21766 | 1 Intel | 1 Oneapi Math Kernel Library | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||