Total
226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3005 | 2 Adobe, Microsoft | 2 Photoshop Cc, Windows | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability. | |||||
| CVE-2017-14019 | 1 Progea | 1 Movicon | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. | |||||
| CVE-2017-3751 | 1 Lenovo | 1 Thinkpad Compact Usb Keyboard Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
| CVE-2022-46662 | 1 Corel | 1 Roxio Creator Ljb | 2025-04-16 | N/A | 6.7 MEDIUM |
| Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A) | |||||
| CVE-2019-19705 | 1 Lenovo | 272 Aio300-23isu, Aio300-23isu Firmware, Aio310-20iap and 269 more | 2025-04-14 | N/A | 7.8 HIGH |
| Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. | |||||
| CVE-2016-5793 | 1 Moxa | 1 Active Opc Server | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
| Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2016-6935 | 1 Adobe | 1 Creative Cloud | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2014-5455 | 2 Openvpn, Privatetunnel | 2 Openvpn, Privatetunnel | 2025-04-12 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. | |||||
| CVE-2015-4173 | 1 Sonicwall | 1 Netextender | 2025-04-12 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | |||||
| CVE-2024-24722 | 1 12dsynergy | 2 12dsynergy, File Replication Server | 2025-04-02 | N/A | 9.1 CRITICAL |
| An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235. | |||||
| CVE-2022-44264 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | N/A | 7.8 HIGH |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path. | |||||
| CVE-2025-1984 | 2025-03-14 | N/A | 5.2 MEDIUM | ||
| Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. | |||||
| CVE-2025-0884 | 2025-03-12 | N/A | N/A | ||
| Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72. | |||||
| CVE-2025-24831 | 2025-02-18 | N/A | 6.6 MEDIUM | ||
| Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | |||||
| CVE-2023-22282 | 2 Elecom, Microsoft | 2 Wab-mat, Windows | 2025-02-11 | N/A | 7.3 HIGH |
| WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | |||||
| CVE-2025-21107 | 3 Dell, Linux, Microsoft | 3 Networker, Linux Kernel, Windows | 2025-02-07 | N/A | 7.8 HIGH |
| Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
| CVE-2022-36384 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-04 | N/A | 6.7 MEDIUM |
| Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-57276 | 2025-01-30 | N/A | 7.3 HIGH | ||
| In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path. | |||||
| CVE-2023-31747 | 1 Wondershare | 1 Filmora | 2025-01-21 | N/A | 7.8 HIGH |
| Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | |||||
| CVE-2024-8975 | 2 Grafana, Microsoft | 2 Alloy, Windows | 2024-12-26 | N/A | 7.3 HIGH |
| Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. | |||||