Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57699 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege. | |||||
| CVE-2019-25271 | 2026-04-15 | N/A | 7.8 HIGH | ||
| NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. | |||||
| CVE-2020-36986 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot. | |||||
| CVE-2025-10714 | 2026-04-15 | N/A | 8.4 HIGH | ||
| AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer. | |||||
| CVE-2020-36952 | 2026-04-15 | N/A | 7.8 HIGH | ||
| IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup. | |||||
| CVE-2021-47880 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot. | |||||
| CVE-2025-62225 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | |||||
| CVE-2021-47879 | 2026-04-15 | N/A | 7.8 HIGH | ||
| eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions. | |||||
| CVE-2020-37020 | 2026-04-15 | N/A | 7.8 HIGH | ||
| SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart. | |||||
| CVE-2019-25304 | 2026-04-15 | N/A | 7.8 HIGH | ||
| SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup. | |||||
| CVE-2020-36990 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions. | |||||
| CVE-2020-36989 | 2026-04-15 | N/A | 7.8 HIGH | ||
| ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup. | |||||
| CVE-2023-54338 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions. | |||||
| CVE-2021-47884 | 2026-04-15 | N/A | 7.8 HIGH | ||
| OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges. | |||||
| CVE-2020-36991 | 2026-04-15 | N/A | 7.8 HIGH | ||
| ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup. | |||||
| CVE-2022-50693 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges. | |||||
| CVE-2021-47826 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\NTI\Acer Backup Manager\ to inject malicious executables that would run with elevated LocalSystem privileges. | |||||
| CVE-2025-66271 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | |||||
| CVE-2023-54336 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup. | |||||
| CVE-2020-36953 | 2026-04-15 | N/A | 7.8 HIGH | ||
| MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges. | |||||