ReportizFlow
Filtered by vendor
Subscriptions
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25269 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.8 High |
| Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2023-54336 | 1 Infonetsoftware | 1 Mediconta | 2026-04-15 | 8.4 High |
| Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2020-36977 | 1 Wondershare | 1 Driver Install Service Help | 2026-04-15 | 7.8 High |
| Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account. | ||||
| CVE-2019-25271 | 1 Netgate | 1 Data Backup | 2026-04-15 | 7.8 High |
| NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2021-47878 | 1 Luidia | 1 Ebeam Education Suite | 2026-04-15 | 7.8 High |
| eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2020-37017 | 1 Wibu | 1 Codemeter | 2026-04-15 | 7.8 High |
| CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions. | ||||
| CVE-2026-34768 | 2 Electron, Electronjs | 2 Electron, Electron | 2026-04-10 | 3.9 Low |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login instead of the intended app. On a default Windows install, standard system directories are protected against writes by standard users, so exploitation typically requires a non-standard install location. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8. | ||||
| CVE-2022-50917 | 2 Proton, Protonvpn | 2 Protonvpn, Protonvpn | 2026-04-07 | 7.8 High |
| ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup. | ||||
| CVE-2022-50915 | 1 Primera | 1 Ptpublisher | 2026-04-07 | 7.8 High |
| PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access. | ||||
| CVE-2021-47787 | 1 Totalav | 1 Totalav | 2026-04-07 | 7.8 High |
| TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration. | ||||
| CVE-2025-41359 | 1 Smallsrv | 2 Small Http, Small Http Server | 2026-03-27 | 7.8 High |
| Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority directory, causing the service to execute the malicious file instead of the legitimate one. Exploiting this flaw could allow arbitrary code execution, unauthorized access to the system, or service disruption. To mitigate the risk, the service path must be properly quoted, and systems must be kept up to date with security patches, while restricting physical and network access. | ||||
| CVE-2026-33253 | 1 Sanyo Denki | 2 Sanups Software, Sanups Software Standalone | 2026-03-26 | N/A |
| SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2023-54331 | 1 Getoutline | 1 Outline | 2026-03-05 | 7.8 High |
| Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions. | ||||
| CVE-2022-50923 | 1 Cobiansoft | 1 Cobian Backup | 2026-03-05 | 7.8 High |
| Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup. | ||||
| CVE-2022-50903 | 1 Wondershare | 1 Mobiletrans | 2026-03-05 | 8.4 High |
| Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2022-50901 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges. | ||||
| CVE-2022-50900 | 1 Wondershare | 1 Dr.fone | 2026-03-05 | 8.4 High |
| Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup. | ||||
| CVE-2021-47810 | 1 Wibu | 1 Wibukey | 2026-03-05 | 7.8 High |
| WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47809 | 2 Disksorter, Flexense | 2 Disk Sorter, Disk Sorter | 2026-03-05 | 7.8 High |
| Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2021-47805 | 2 Disksavvy, Flexense | 3 Disk Savvy, Disksavvy Enterprise, Disksavvy | 2026-03-05 | 7.8 High |
| Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges. | ||||