Export limit exceeded: 361826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (456 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37058 | 1 Andrea Electronics | 1 Andrea St Filters Service | 2026-04-15 | 7.8 High |
| Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup. | ||||
| CVE-2020-37060 | 1 Drive-software | 1 Atomic Alarm Clock X86 | 2026-04-15 | 7.8 High |
| Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access. | ||||
| CVE-2020-37061 | 1 Weird Solutions | 1 Bootpturbo | 2026-04-15 | 7.8 High |
| BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions. | ||||
| CVE-2025-5191 | 2 Microsoft, Moxa | 5 Windows, Drp-a100, Drp-c100 and 2 more | 2026-04-15 | N/A |
| An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems. | ||||
| CVE-2025-61865 | 2 Iodata, Microsoft | 2 Narsus App, Windows | 2026-04-15 | N/A |
| Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2021-47878 | 1 Luidia | 1 Ebeam Education Suite | 2026-04-15 | 7.8 High |
| eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2023-54338 | 1 Tftpd32 | 1 Tftpd32 | 2026-04-15 | 8.4 High |
| Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions. | ||||
| CVE-2020-36983 | 2 Pablo Software Solutions, Pablosoftwaresolutions | 2 Quick N Easy Ftp Server, Quick \'n Easy Web Server | 2026-04-15 | 7.8 High |
| Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart. | ||||
| CVE-2020-37101 | 2 Keepsolid, Vpnunlimitedapp | 2 Vpn Unlimited, Vpn Unlimited | 2026-04-15 | 7.8 High |
| VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system privileges. | ||||
| CVE-2020-37102 | 2 Codeworkweb, Lavasoft | 2 Cww Companion, Web Companion | 2026-04-15 | 7.8 High |
| Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup. | ||||
| CVE-2025-58400 | 2 Microsoft, Ratocsystems | 2 Windows, Raid Monitoring Manager | 2026-04-15 | N/A |
| RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2025-8070 | 1 Asustor | 2 Abp, Aes | 2026-04-15 | N/A |
| The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces. Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier. | ||||
| CVE-2021-47864 | 1 Osas | 1 Traverse Extension | 2026-04-15 | 7.8 High |
| OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access. | ||||
| CVE-2019-25287 | 1 Lavasoft | 1 Web Companion | 2026-04-15 | 7.8 High |
| Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2019-25288 | 1 Wacom | 1 Wtabletservice | 2026-04-15 | 7.8 High |
| Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots. | ||||
| CVE-2020-36935 | 1 Kmspico | 1 Service Kmseldi | 2026-04-15 | 7.8 High |
| KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2020-36937 | 1 Microvirt | 1 Memu Play | 2026-04-15 | 7.8 High |
| Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges. | ||||
| CVE-2021-47762 | 1 Httpdebugger | 1 Httpdebuggerpro | 2026-04-15 | 7.8 High |
| HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system. | ||||
| CVE-2021-47822 | 1 Diskboss | 1 Diskboss Service | 2026-04-15 | 7.8 High |
| DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup. | ||||
| CVE-2021-47823 | 1 Acer | 1 Epowersvc | 2026-04-15 | 7.8 High |
| Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||