Search Results (433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-1585 1 Canon 1 Ij Scan Utility 2026-04-16 6.7 Medium
An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.
CVE-2026-26033 2 Dell, Dell Inc. 2 Ups Multi-ups Management Console, Ups Multi-ups Management Console (mumc) 2026-04-16 N/A
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.
CVE-2026-26034 2 Dell, Dell Inc. 2 Ups Multi-ups Management Console, Ups Multi-ups Management Console (mumc) 2026-04-16 N/A
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.
CVE-2016-20055 1 Iobit 3 Advanced System Care, Advanced Systemcare, Advanced Systemcare Ultimate 2026-04-15 7.8 High
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
CVE-2017-20218 1 Serviio 1 Serviio Pro 2026-04-15 7.8 High
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.
CVE-2021-47882 1 Freelan 1 Freelan 2026-04-15 7.8 High
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
CVE-2021-47739 1 Epicgames 1 Easy Anti-cheat 2026-04-15 8.4 High
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.
CVE-2022-50693 1 Splashtop 1 Splashtop 2026-04-15 8.4 High
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges.
CVE-2023-53984 1 Clevo 1 Hotkey Clipboard 2026-04-15 8.4 High
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.
CVE-2021-47890 1 Softros Systems 1 Logonexpert 2026-04-15 7.8 High
LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.
CVE-2022-50935 1 Telcel 1 Flame Ii Modem Usb 2026-04-15 9.8 Critical
Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.
CVE-2022-50938 1 Contpaqi 1 Adminpaq 2026-04-15 8.4 High
CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system privileges during service startup.
CVE-2025-57699 2 Microsoft, Western Digital 2 Windows, Kitfox 2026-04-15 N/A
Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.
CVE-2019-25304 1 Issivs 1 Securos Enterprise 2026-04-15 7.8 High
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup.
CVE-2024-22437 2026-04-15 7.3 High
A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.
CVE-2025-66271 2 Elecom, Microsoft 2 Clone For Windows, Windows 2026-04-15 N/A
Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
CVE-2020-37055 1 Enigmasoftware 1 Spyhunter 2026-04-15 7.8 High
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
CVE-2021-47822 1 Diskboss 1 Diskboss Service 2026-04-15 7.8 High
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup.
CVE-2025-9043 1 Seagate 1 Toolkit 2026-04-15 N/A
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges.
CVE-2019-25287 1 Lavasoft 1 Web Companion 2026-04-15 7.8 High
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup.