ReportizFlow
Filtered by vendor
Subscriptions
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53984 | 1 Clevo | 1 Hotkey Clipboard | 2026-04-15 | 8.4 High |
| Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations. | ||||
| CVE-2020-36986 | 1 Preyproject | 1 Prey | 2026-04-15 | 7.8 High |
| Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot. | ||||
| CVE-2020-36987 | 1 Gearboxcomputers | 1 Program Access Controller | 2026-04-15 | 7.8 High |
| Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions. | ||||
| CVE-2025-5191 | 2 Microsoft, Moxa | 5 Windows, Drp-a100, Drp-c100 and 2 more | 2026-04-15 | N/A |
| An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems. | ||||
| CVE-2020-36990 | 1 Inputdirector | 1 Input Director | 2026-04-15 | 7.8 High |
| Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions. | ||||
| CVE-2024-36321 | 2026-04-15 | 7.3 High | ||
| Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. | ||||
| CVE-2020-36983 | 2 Pablo Software Solutions, Pablosoftwaresolutions | 2 Quick N Easy Ftp Server, Quick \'n Easy Web Server | 2026-04-15 | 7.8 High |
| Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart. | ||||
| CVE-2024-31804 | 1 Terratec | 1 Dmx 6fire 24\/96 Controlpanel | 2026-04-15 | 6.7 Medium |
| An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. | ||||
| CVE-2020-36991 | 1 Sharemouse | 1 Sharemouse | 2026-04-15 | 7.8 High |
| ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup. | ||||
| CVE-2019-25269 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.8 High |
| Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations. | ||||
| CVE-2020-37016 | 1 Barcode-ocr | 1 Barcodeocr | 2026-04-15 | 7.8 High |
| BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem privileges. | ||||
| CVE-2021-47878 | 1 Luidia | 1 Ebeam Education Suite | 2026-04-15 | 7.8 High |
| eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2020-37017 | 1 Wibu | 1 Codemeter | 2026-04-15 | 7.8 High |
| CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions. | ||||
| CVE-2024-58288 | 2 Genexus, Microsoft | 2 Protection Server, Windows | 2026-04-15 | N/A |
| Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations. | ||||
| CVE-2025-39246 | 2026-04-15 | 5.3 Medium | ||
| There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-47822 | 1 Diskboss | 1 Diskboss Service | 2026-04-15 | 7.8 High |
| DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup. | ||||
| CVE-2019-25272 | 1 Tenaxsoft | 1 Cyberplanet | 2026-04-15 | 7.8 High |
| TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges. | ||||
| CVE-2020-36935 | 1 Kmspico | 1 Service Kmseldi | 2026-04-15 | 7.8 High |
| KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2024-34010 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575. | ||||
| CVE-2020-36934 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.8 High |
| Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||