Search Results (458 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-37048 1 Iskysoft 1 Application Framework Service 2026-04-15 7.8 High
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
CVE-2019-25276 1 Rockwellautomation 2 Factorytalk Activation, Studio 2026-04-15 7.8 High
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.
CVE-2020-36879 2 Flexense, Flexsense 2 Diskboss, Diskboss 2026-04-15 N/A
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
CVE-2020-37061 1 Weird Solutions 1 Bootpturbo 2026-04-15 7.8 High
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
CVE-2020-37064 1 Epson 1 Easymp 2026-04-15 7.8 High
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
CVE-2020-37016 1 Barcode-ocr 1 Barcodeocr 2026-04-15 7.8 High
BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem privileges.
CVE-2020-36991 1 Sharemouse 1 Sharemouse 2026-04-15 7.8 High
ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.
CVE-2020-37017 1 Wibu 1 Codemeter 2026-04-15 7.8 High
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
CVE-2020-37020 1 Sonarsource 1 Sonarqube 2026-04-15 7.8 High
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart.
CVE-2019-25345 1 Realtek 1 Rtk Iis Codec Service 2026-04-15 7.8 High
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
CVE-2020-37021 2 10-strike, Nsasoft 2 Bandwidth Monitor, Network Bandwidth Monitor 2026-04-15 7.8 High
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.
CVE-2020-37037 1 Avast 2 Secureline, Secureline Vpn 2026-04-15 7.8 High
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
CVE-2020-37098 1 Disksorter 1 Disk Sorter 2026-04-15 7.8 High
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2019-25309 1 Zilab Software 1 Zilab Remote Console Server 2026-04-15 7.8 High
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
CVE-2020-36984 1 Epson 1 Senadb 2026-04-15 7.8 High
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables that will run with LocalSystem permissions.
CVE-2025-32449 1 Intel 1 Pri Driver 2026-04-15 6.7 Medium
Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2019-25307 1 Softalk 1 Workgroupmail 2026-04-15 7.8 High
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2019-25310 1 Actfax 1 Activefax Server 2026-04-15 7.8 High
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
CVE-2020-36985 2 Gearboxcomputers, Panasonic 2 Ip Watcher, Kw Watcher 2026-04-15 7.8 High
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.
CVE-2020-37059 2 Getpopcorntime, Popcorn Time Project 2 Popcorn Time, Popcorn Time 2026-04-15 7.8 High
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.