Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-50904

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-13 Jan, 2026 | 22:51
Updated At-14 Jan, 2026 | 19:20
Rejected At-
Credits

Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:13 Jan, 2026 | 22:51
Updated At:14 Jan, 2026 | 19:20
Rejected At:
â–¼CVE Numbering Authority (CNA)
Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.

Affected Products
Vendor
Wondershare
Product
Wondershare UBackit
Versions
Affected
  • 2.0.5
Problem Types
TypeCWE IDDescription
CWECWE-428Unquoted Search Path or Element
Type: CWE
CWE ID: CWE-428
Description: Unquoted Search Path or Element
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Luis Martinez
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/50758
exploit
https://www.wondershare.com/
product
https://www.vulncheck.com/advisories/wondershare-ubackit-wsbackup-unquoted-service-path
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/50758
Resource:
exploit
Hyperlink: https://www.wondershare.com/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/wondershare-ubackit-wsbackup-unquoted-service-path
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:13 Jan, 2026 | 23:15
Updated At:14 Jan, 2026 | 16:25

Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-428Primarydisclosure@vulncheck.com
CWE ID: CWE-428
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.exploit-db.com/exploits/50758disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/wondershare-ubackit-wsbackup-unquoted-service-pathdisclosure@vulncheck.com
N/A
https://www.wondershare.com/disclosure@vulncheck.com
N/A
Hyperlink: https://www.exploit-db.com/exploits/50758
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/wondershare-ubackit-wsbackup-unquoted-service-path
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.wondershare.com/
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

166Records found
CVE-2020-36977
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.98%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.

Action-Not Available
Vendor-Wondershare
Product-Wondershare Driver Install Service help
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50900
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-28 Jan, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Action-Not Available
Vendor-wondershareWondershare
Product-dr.foneWondershare Dr.Fone
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50903
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-28 Jan, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path

Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.

Action-Not Available
Vendor-wondershareWondershare
Product-mobiletransWondershare MobileTrans
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50901
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-28 Jan, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.

Action-Not Available
Vendor-wondershareWondershare
Product-dr.foneWondershare Dr.Fone
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25266
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.56%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 16:41
Updated-06 Feb, 2026 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.

Action-Not Available
Vendor-Wondershare
Product-Wondershare Application Framework Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25344
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-12 Feb, 2026 | 19:02
Updated-12 Feb, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MobileGo 8.5.0 - Insecure File Permissions

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.

Action-Not Available
Vendor-Wondershare
Product-MobileGo
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-50902
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 5.90%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path

Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Wondershare
Product-Wondershare FamiSafe
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2022-50690
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.87%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-23 Dec, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare MirrorGo 2.0.11.346 Local Privilege Escalation via Insecure File Permissions

Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.

Action-Not Available
Vendor-Wondershare
Product-Wondershare MirrorGo
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-54331
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.20%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-02 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Outline 1.6.0 - Unquoted Service Path

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.

Action-Not Available
Vendor-getoutlineGetoutline
Product-outlineOutline
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25310
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:56
Updated-11 Feb, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path

ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.

Action-Not Available
Vendor-Actfax
Product-ActiveFax Server
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25306
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:56
Updated-11 Feb, 2026 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path

BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.

Action-Not Available
Vendor-Blackmoon
Product-BlackMoon FTP Server
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25307
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:56
Updated-11 Feb, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path

WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Action-Not Available
Vendor-Softalk
Product-WorkgroupMail
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25308
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:56
Updated-11 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Service Path

Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.

Action-Not Available
Vendor-LiteManager Team
Product-Mikogo
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25309
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-11 Feb, 2026 | 14:56
Updated-11 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zilab Remote Console Server 3.2.9 - 'Zilab Remote Console Server' Unquoted Service Path

Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.

Action-Not Available
Vendor-Zilab Software Inc
Product-Zilab Remote Console Server
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-54338
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.79%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-14 Jan, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.

Action-Not Available
Vendor-Pjo2
Product-Tftpd32_SE
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-54336
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.79%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-14 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mediconta 3.7.27 - 'servermedicontservice' Unquoted Service Path

Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Infonetsoftware
Product-Mediconta
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53946
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.74%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 21:05
Updated-23 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.

Action-Not Available
Vendor-Arcsoft
Product-PhotoStudio
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53984
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-14 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.

Action-Not Available
Vendor-clevo
Product-HotKey Clipboard
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53912
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 22:44
Updated-18 Dec, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
USB Flash Drives Control 4.1.0.0 Unquoted Service Path Privilege Escalation

USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.

Action-Not Available
Vendor-BiniSoft
Product-USB Flash Drives Control
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53947
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.73%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 21:05
Updated-23 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.

Action-Not Available
Vendor-oscinventory
Product-OCS Inventory NG
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53954
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.50%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 21:05
Updated-23 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.

Action-Not Available
Vendor-Actfax
Product-ActFax
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53965
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.02% / 5.21%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-29 Jan, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Action-Not Available
Vendor-sound4SOUND4 Ltd.
Product-ip_connect_firmwarestream_x2_firmwarevoice_ula8playout_ula8big_voice_firmwarevoice_ula4stream_x8voice_ula8_firmwareimpactfirst_firmwareip_connectpulsestream_x4stream_x8_firmwarewm2firstpulse_ecopulse_firmwarevoice_ula2_firmwareplayout_ula8_firmwarewm2_firmwarestream_x4_firmwarevoice_ula2voice_ula4_firmwarestream_x2impact_firmwarebig_voiceimpact_eco_firmwareimpact_ecopulse_eco_firmwareSOUND4 Server Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-25345
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-12 Feb, 2026 | 19:02
Updated-12 Feb, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path

Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.

Action-Not Available
Vendor-Realtek Semiconductor Corp.
Product-RTK IIS Codec Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-9325
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.5||HIGH
EPSS-0.04% / 13.57%
||
7 Day CHG~0.00%
Published-29 Sep, 2024 | 07:31
Updated-04 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intelbras InControl incontrol-service-watchdog.exe unquoted search path

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

Action-Not Available
Vendor-intelbrasIntelbrasintelbras
Product-incontrol_webInControlincontrol
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-58315
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.22%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-16 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.

Action-Not Available
Vendor-tosiTosibox OyMicrosoft Corporation
Product-tosibox_keywindowsTosibox Key Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-6080
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.5||HIGH
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 23:00
Updated-04 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intelbras InControl incontrolWebcam Service unquoted search path

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.

Action-Not Available
Vendor-intelbrasIntelbrasintelbras
Product-incontrolInControlincontrol
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-36980
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions.

Action-Not Available
Vendor-Segurazo
Product-SAntivirus IC
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36930
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG-0.00%
Published-15 Jan, 2026 | 23:25
Updated-09 Feb, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-flexenseSysgauge
Product-sysgaugeSysGauge
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36982
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.31%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Motorola Device Manager 2.5.4 - 'MotoHelperService.exe' Unquoted Service Path

Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup.

Action-Not Available
Vendor-Motorola-Device-Manager
Product-Motorola Device Manager
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37016
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem privileges.

Action-Not Available
Vendor-Barcode-Ocr
Product-BarcodeOCR
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36975
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path

EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-SEIKO EPSON Corp
Product-Status Monitor 3
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37020
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SonarQube 8.3.1 - Unquoted Service Path

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart.

Action-Not Available
Vendor-Sonarqube
Product-SonarQube
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36929
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.64%
||
7 Day CHG-0.00%
Published-15 Jan, 2026 | 23:25
Updated-09 Feb, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path

Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.

Action-Not Available
Vendor-SupportBrother Industries, Ltd.
Product-brprint_auditorBrother BRPrint Auditor
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37047
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Deepinstinct
Product-Deep Instinct Windows Agent
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36986
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:28
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prey 1.9.6 - "CronService" Unquoted Service Path

Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot.

Action-Not Available
Vendor-Preyproject
Product-Prey
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36952
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 16:00
Updated-27 Jan, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Uninstaller 10 Pro - Unquoted Service Path

IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.

Action-Not Available
Vendor-Iobit
Product-IObit Uninstaller
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37063
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

Action-Not Available
Vendor-Weird-Solutions
Product-TFTP Turbo
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36935
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:01
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-KMSpico
Product-Service KMSELDI
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37100
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-03 Feb, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sync Breeze Enterprise 12.4.18 - Unquoted Service Path

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.

Action-Not Available
Vendor-SyncBreeze
Product-Sync Breeze Enterprise
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36991
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:29
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.

Action-Not Available
Vendor-Sharemouse
Product-ShareMouse
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36937
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:01
Updated-26 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges.

Action-Not Available
Vendor-Microvirt
Product-MEMU PLAY
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36936
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.86%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:01
Updated-26 Jan, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path

Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.

Action-Not Available
Vendor-Magic Utilities
Product-Magic Mouse 2 utilities
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36933
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.86%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:00
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path

HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.

Action-Not Available
Vendor-HTC
Product-IPTInstaller
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37098
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-03 Feb, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Sorter Enterprise 12.4.16 - Unquoted Service Path

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

Action-Not Available
Vendor-DiskSorter
Product-Disk Sorter Enterprise
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36953
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.31%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 17:42
Updated-27 Jan, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Minitool
Product-MiniTool ShadowMaker
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37062
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.96%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.

Action-Not Available
Vendor-Weird Solutions
Product-DHCP Turbo
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37102
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-03 Feb, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path

Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Action-Not Available
Vendor-Lavasoft
Product-Web Companion
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36959
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 17:43
Updated-27 Jan, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account permissions during service startup.

Action-Not Available
Vendor-IDT
Product-IDT PC Audio
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50914
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.86%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Action-Not Available
Vendor-EaseUS
Product-EaseUS Data Recovery
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50930
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.92%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path

Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Emerson
Product-Emerson PAC Machine Edition
CWE ID-CWE-428
Unquoted Search Path or Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found