Search Results (433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-66264 1 Megatec 1 Upsilon2000 2026-04-15 N/A
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.
CVE-2024-34010 1 Acronis 1 Cyber Protect Cloud Agent 2026-04-15 N/A
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.
CVE-2019-25269 1 Microsoft 1 Windows 2026-04-15 7.8 High
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
CVE-2024-1618 2026-04-15 7.8 High
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running.
CVE-2025-1984 2026-04-15 5.2 Medium
Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.
CVE-2020-36953 1 Minitool 1 Shadowmaker 2026-04-15 7.8 High
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.
CVE-2025-24831 2026-04-15 N/A
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2019-25281 1 Ncp-e 1 Ncp Secure Entry Client 2026-04-15 7.8 High
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.
CVE-2020-37045 1 Veritas 2 Netbackup, Netbackup Firmware 2026-04-15 7.8 High
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
CVE-2019-25271 1 Netgate 1 Data Backup 2026-04-15 7.8 High
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
CVE-2019-25274 1 Photodex 1 Proshow Producer 2026-04-15 7.8 High
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2019-25275 1 Filehorse 1 Bartvpn 2026-04-15 7.8 High
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service's execution context.
CVE-2022-50904 1 Wondershare 1 Ubackit 2026-04-15 8.4 High
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
CVE-2024-58288 2 Genexus, Microsoft 2 Protection Server, Windows 2026-04-15 N/A
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.
CVE-2020-36992 1 Nordvpn 1 Nordvpn 2026-04-15 7.8 High
Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.
CVE-2023-54336 1 Infonetsoftware 1 Mediconta 2026-04-15 8.4 High
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.
CVE-2022-50920 2 Sandboxie, Sandboxie-plus 2 Sandboxie, Sandboxie 2026-04-15 8.4 High
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2025-0884 2026-04-15 N/A
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager.  The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72.
CVE-2020-36991 1 Sharemouse 1 Sharemouse 2026-04-15 7.8 High
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.
CVE-2020-36990 1 Inputdirector 1 Input Director 2026-04-15 7.8 High
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.