CVE-2025-39246
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-5191
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges c…
CVE-2025-57699
Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path.
A user with the write permission on the root directory of the system drive may execute arbitrary code with t…
CVE-2025-9043
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with writ…
CVE-2025-8070
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Prog…
CVE-2025-0035
Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
CVE-2024-36321
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
CVE-2025-1984
Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.
CVE-2025-0884
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager.
The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation.
This issue affects Service Manager: 9.70, 9.71, 9.72.
CVE-2025-24831
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
CVE-2025-21107
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, lea…
CVE-2024-57276
In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the servic…