Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12507 | 2026-04-15 | N/A | 8.8 HIGH | ||
| The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed. | |||||
| CVE-2026-1585 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service. | |||||
| CVE-2020-37060 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access. | |||||
| CVE-2019-25292 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access. | |||||
| CVE-2021-47859 | 2026-04-15 | N/A | 7.8 HIGH | ||
| ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escalate privileges. | |||||
| CVE-2025-1984 | 2026-04-15 | N/A | 5.2 MEDIUM | ||
| Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. | |||||
| CVE-2022-50930 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup. | |||||
| CVE-2025-32449 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2019-25310 | 2026-04-15 | N/A | 7.8 HIGH | ||
| ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges. | |||||
| CVE-2020-37017 | 2026-04-15 | N/A | 7.8 HIGH | ||
| CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions. | |||||
| CVE-2021-47882 | 2026-04-15 | N/A | 7.8 HIGH | ||
| FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup. | |||||
| CVE-2025-9043 | 2026-04-15 | N/A | N/A | ||
| The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges. | |||||
| CVE-2020-36976 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables that would run with elevated LocalSystem privileges during service startup. | |||||
| CVE-2024-3640 | 2026-04-15 | N/A | N/A | ||
| An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability. | |||||
| CVE-2022-50938 | 2026-04-15 | N/A | 8.4 HIGH | ||
| CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system privileges during service startup. | |||||
| CVE-2025-12286 | 2026-04-15 | 6.0 MEDIUM | 7.0 HIGH | ||
| A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2021-47868 | 2026-04-15 | N/A | 7.8 HIGH | ||
| WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions. | |||||
| CVE-2025-9818 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contains spaces, there is a possibility that unauthorized files may be executed under the service privileges by using paths containing spaces. | |||||
| CVE-2021-47869 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges. | |||||
| CVE-2019-25274 | 2026-04-15 | N/A | 7.8 HIGH | ||
| ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup. | |||||