Search Results (458 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-25275 1 Filehorse 1 Bartvpn 2026-04-15 7.8 High
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service's execution context.
CVE-2019-25231 2026-04-15 8.4 High
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
CVE-2019-25266 1 Wondershare 1 Application Framework Service 2026-04-15 7.8 High
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
CVE-2019-25269 1 Microsoft 1 Windows 2026-04-15 7.8 High
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
CVE-2019-25272 1 Tenaxsoft 1 Cyberplanet 2026-04-15 7.8 High
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.
CVE-2019-25305 2 Hp, Inforprograma 2 Jumpstart, Jumpstart 2026-04-15 7.8 High
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.
CVE-2019-25304 1 Issivs 1 Securos Enterprise 2026-04-15 7.8 High
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup.
CVE-2019-25302 1 Acer 1 Launch Manager 2026-04-15 7.8 High
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.
CVE-2019-25292 1 Alps 1 Hid Monitor Service 2026-04-15 7.8 High
Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and gain system-level access.
CVE-2019-25288 1 Wacom 1 Wtabletservice 2026-04-15 7.8 High
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.
CVE-2019-25287 1 Lavasoft 1 Web Companion 2026-04-15 7.8 High
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code that would execute with LocalSystem privileges during service startup.
CVE-2024-36321 2026-04-15 7.3 High
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
CVE-2020-36984 1 Epson 1 Senadb 2026-04-15 7.8 High
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables that will run with LocalSystem permissions.
CVE-2020-37099 1 Disksavvy 1 Disksavvy Enterprise 2026-04-15 7.8 High
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
CVE-2024-57276 2026-04-15 7.3 High
In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.
CVE-2020-37098 1 Disksorter 1 Disk Sorter 2026-04-15 7.8 High
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVE-2020-37102 2 Codeworkweb, Lavasoft 2 Cww Companion, Web Companion 2026-04-15 7.8 High
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVE-2021-47762 1 Httpdebugger 1 Httpdebuggerpro 2026-04-15 7.8 High
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system.
CVE-2020-36990 1 Inputdirector 1 Input Director 2026-04-15 7.8 High
Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
CVE-2025-66264 1 Megatec 1 Upsilon2000 2026-04-15 N/A
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation.