Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47898 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access. | |||||
| CVE-2023-53912 | 2026-04-15 | N/A | 6.2 MEDIUM | ||
| USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems. | |||||
| CVE-2020-36935 | 2026-04-15 | N/A | 7.8 HIGH | ||
| KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges. | |||||
| CVE-2019-25306 | 2026-04-15 | N/A | 7.8 HIGH | ||
| BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup. | |||||
| CVE-2025-61871 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | |||||
| CVE-2020-37037 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup. | |||||
| CVE-2020-37061 | 2026-04-15 | N/A | 7.8 HIGH | ||
| BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions. | |||||
| CVE-2019-25309 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions. | |||||
| CVE-2020-37064 | 2026-04-15 | N/A | 7.8 HIGH | ||
| EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges. | |||||
| CVE-2021-47822 | 2026-04-15 | N/A | 7.8 HIGH | ||
| DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup. | |||||
| CVE-2024-1618 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running. | |||||
| CVE-2020-36937 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges. | |||||
| CVE-2020-36936 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path. | |||||
| CVE-2020-37062 | 2026-04-15 | N/A | 7.8 HIGH | ||
| DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts. | |||||
| CVE-2021-47867 | 2026-04-15 | N/A | 7.8 HIGH | ||
| WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup. | |||||
| CVE-2021-47889 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges. | |||||
| CVE-2021-47825 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permissions during service startup. | |||||
| CVE-2024-36321 | 2026-04-15 | N/A | 7.3 HIGH | ||
| Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. | |||||
| CVE-2022-50904 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup. | |||||
| CVE-2022-50929 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject malicious executables and escalate privileges. | |||||