Total: 416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-50900 | 1 Wondershare | 1 Dr.fone | 2026-01-28 | N/A | 8.4 HIGH |
| Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup. | |||||
| CVE-2022-50901 | 1 Wondershare | 1 Dr.fone | 2026-01-28 | N/A | 8.4 HIGH |
| Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges. | |||||
| CVE-2022-50903 | 1 Wondershare | 1 Mobiletrans | 2026-01-28 | N/A | 8.4 HIGH |
| Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup. | |||||
| CVE-2021-47773 | 1 Dynojet | 1 Power Core | 2026-01-23 | N/A | 7.8 HIGH |
| Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access. | |||||
| CVE-2021-47780 | 1 Macro-expert | 1 Macro Expert | 2026-01-21 | N/A | 7.8 HIGH |
| Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup. | |||||
| CVE-2021-47805 | 1 Flexense | 1 Disksavvy | 2026-01-21 | N/A | 7.8 HIGH |
| Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges. | |||||
| CVE-2024-58315 | 2 Microsoft, Tosi | 2 Windows, Tosibox Key | 2026-01-16 | N/A | 7.8 HIGH |
| Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot. | |||||
| CVE-2025-43993 | 1 Dell | 28 Latitude 5350, Latitude 5350 Firmware, Latitude 5550 and 25 more | 2026-01-16 | N/A | 7.8 HIGH |
| Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code Execution. | |||||
| CVE-2025-66575 | 1 Veepn | 1 Veepn | 2025-12-30 | N/A | 7.8 HIGH |
| VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows remote attackers to execute code during startup or reboot with escalated privileges. Attackers can exploit this by providing a malicious service name, allowing them to inject commands and run as LocalSystem. | |||||
| CVE-2025-57714 | 1 Qnap | 1 Netbak Replicator | 2025-12-08 | N/A | 7.8 HIGH |
| An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak Replicator 4.5.15.0807 and later. | |||||
| CVE-2024-9287 | 1 Python | 1 Python | 2025-11-03 | N/A | 7.8 HIGH |
| A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (i.e. "./venv/bin/python") are not affected. | |||||
| CVE-2025-10199 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-11-03 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. | |||||
| CVE-2025-54081 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-10-08 | N/A | 6.7 MEDIUM |
| Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path incrementally and may execute a malicious binary placed earlier in the search string. This issue has been patched in version 2025.923.33222. | |||||
| CVE-2024-31226 | 1 Lizardbyte | 1 Sunshine | 2025-09-11 | N/A | 4.9 MEDIUM |
| Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed through path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories. | |||||
| CVE-2025-4540 | 2 Lodop, Microsoft | 2 C-lodop, Windows | 2025-07-08 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2023-39464 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A | 7.2 HIGH |
| Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538. | |||||
| CVE-2022-37197 | 1 Iobit | 1 Iotransfer | 2025-04-29 | N/A | 7.8 HIGH |
| IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | |||||
| CVE-2022-46662 | 1 Corel | 1 Roxio Creator Ljb | 2025-04-16 | N/A | 6.7 MEDIUM |
| Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A. | |||||
| CVE-2019-19705 | 1 Lenovo | 272 Aio300-23isu, Aio300-23isu Firmware, Aio310-20iap and 269 more | 2025-04-14 | N/A | 7.8 HIGH |
| Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | |||||
| CVE-2024-24722 | 1 12dsynergy | 2 12dsynergy, File Replication Server | 2025-04-02 | N/A | 9.1 CRITICAL |
| An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235. | |||||
