Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-50913

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-13 Jan, 2026 | 22:51
Updated At-14 Jan, 2026 | 16:12
Rejected At-
Credits

TCQ - 'ITeCProteccioAppServer.exe' Unquoted Service Path

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:13 Jan, 2026 | 22:51
Updated At:14 Jan, 2026 | 16:12
Rejected At:
▼CVE Numbering Authority (CNA)
TCQ - 'ITeCProteccioAppServer.exe' Unquoted Service Path

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.

Affected Products
Vendor
ITEC
Product
TCQ
Versions
Affected
  • Unknown
Problem Types
TypeCWE IDDescription
CWECWE-428Unquoted Search Path or Element
Type: CWE
CWE ID: CWE-428
Description: Unquoted Search Path or Element
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Edgar Carrillo Egea
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/50902
exploit
https://itec.es/programas/
product
https://www.vulncheck.com/advisories/tcq-itecproteccioappserverexe-unquoted-service-path
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/50902
Resource:
exploit
Hyperlink: https://itec.es/programas/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/tcq-itecproteccioappserverexe-unquoted-service-path
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:13 Jan, 2026 | 23:15
Updated At:14 Jan, 2026 | 16:25

ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-428Primarydisclosure@vulncheck.com
CWE ID: CWE-428
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://itec.es/programas/disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/50902disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/tcq-itecproteccioappserverexe-unquoted-service-pathdisclosure@vulncheck.com
N/A
Hyperlink: https://itec.es/programas/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/50902
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/tcq-itecproteccioappserverexe-unquoted-service-path
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

163Records found
CVE-2022-50938
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.73%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system privileges during service startup.

Action-Not Available
Vendor-Contpaqi
Product-CONTPAQ AdminPAQ
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50914
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.73%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Action-Not Available
Vendor-EaseUS
Product-EaseUS Data Recovery
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50688
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-23 Dec, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cobian Backup Gravity 11.2.0.582 Unquoted Service Path Privilege Escalation

Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute with LocalSystem privileges during service startup.

Action-Not Available
Vendor-Cobiansoft
Product-Cobian Backup Gravity
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50900
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-28 Jan, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Action-Not Available
Vendor-wondershareWondershare
Product-dr.foneWondershare Dr.Fone
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50917
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProtonVPN 1.26.0 - Unquoted Service Path

ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.

Action-Not Available
Vendor-ProtonVPN
Product-ProtonVPN
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50924
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.04%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Private Internet Access 3.3 - 'pia-service' Unquoted Service Path

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Private Internet Access
Product-Private Internet Access
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50903
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-28 Jan, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path

Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.

Action-Not Available
Vendor-wondershareWondershare
Product-mobiletransWondershare MobileTrans
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50901
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-28 Jan, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.

Action-Not Available
Vendor-wondershareWondershare
Product-dr.foneWondershare Dr.Fone
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50933
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-02 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cain & Abel 4.9.56 - Unquoted Service Path

Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.

Action-Not Available
Vendor-malavidaMalavida
Product-cain_\&_abelCain & Abel
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50921
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-02 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.

Action-Not Available
Vendor-wow21ilwebmaster21
Product-wow21WOW21
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50935
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.05% / 16.88%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 22:52
Updated-14 Jan, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FLAME II MODEM USB - Unquoted Service Path

Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.

Action-Not Available
Vendor-Telcel
Product-FLAME II MODEM USB
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-50693
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-14 Jan, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splashtop 8.71.12001.0 - Unquoted Service Path

Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Splashtop
Product-Splashtop
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53947
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 21:05
Updated-23 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.

Action-Not Available
Vendor-oscinventory
Product-OCS Inventory NG
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53954
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.59%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 21:05
Updated-23 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.

Action-Not Available
Vendor-Actfax
Product-ActFax
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-54331
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.75%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-02 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Outline 1.6.0 - Unquoted Service Path

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.

Action-Not Available
Vendor-getoutlineGetoutline
Product-outlineOutline
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53965
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.6||HIGH
EPSS-0.02% / 5.32%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 21:35
Updated-29 Jan, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Action-Not Available
Vendor-sound4SOUND4 Ltd.
Product-ip_connect_firmwarestream_x2_firmwarevoice_ula8playout_ula8big_voice_firmwarevoice_ula4stream_x8voice_ula8_firmwareimpactfirst_firmwareip_connectpulsestream_x4stream_x8_firmwarewm2firstpulse_ecopulse_firmwarevoice_ula2_firmwareplayout_ula8_firmwarewm2_firmwarestream_x4_firmwarevoice_ula2voice_ula4_firmwarestream_x2impact_firmwarebig_voiceimpact_eco_firmwareimpact_ecopulse_eco_firmwareSOUND4 Server Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-53946
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 21:05
Updated-23 Dec, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.

Action-Not Available
Vendor-Arcsoft
Product-PhotoStudio
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2023-54338
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-14 Jan, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.

Action-Not Available
Vendor-Pjo2
Product-Tftpd32_SE
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47862
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path

Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

Action-Not Available
Vendor-HI-REZ STUDIOS
Product-HiPatchService
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47790
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-30 Jan, 2026 | 00:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active WebCam 11.5 - Unquoted Service Path

Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access.

Action-Not Available
Vendor-pysoftPysoft
Product-active_webcamActive WebCam
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47886
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path

Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Fyrolabs LLC.
Product-Pingzapper
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47823
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path

Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Acer Inc.
Product-ePowerSvc
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47807
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-30 Jan, 2026 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path

Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-flexenseSyncbreeze
Product-sync_breezeSync Breeze
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47803
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path

iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious executable into the unquoted service path to run with LocalSystem privileges when the service restarts.

Action-Not Available
Vendor-I-Funbox
Product-iFunbox
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47822
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup.

Action-Not Available
Vendor-Diskboss
Product-DiskBoss Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47864
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path

OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining elevated system access.

Action-Not Available
Vendor-OSAS
Product-OSAS Traverse Extension
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47847
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Disksorter
Product-Disk Sorter Server
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47809
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-30 Jan, 2026 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path

Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-flexenseDisksorter
Product-disk_sorterDisk Sorter Enterprise
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47859
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path

ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\Common Files\ActivIdentity\ to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-HID Global
Product-ActivIdentity
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47805
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-21 Jan, 2026 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path

Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges.

Action-Not Available
Vendor-flexenseDisksavvy
Product-disksavvyDisk Savvy
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47762
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.78%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 15:52
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTPDebuggerPro 9.11 - Unquoted Service Path

HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated access to the system.

Action-Not Available
Vendor-Httpdebugger
Product-HTTPDebuggerPro
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47866
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.

Action-Not Available
Vendor-Honeywell International Inc.
Product-WIN-PACK PRO
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47828
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path

BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.

Action-Not Available
Vendor-Weird-Solutions
Product-BOOTP Turbo
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47773
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 15:52
Updated-23 Jan, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynojet Power Core 2.3.0 - Unquoted Service Path

Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access.

Action-Not Available
Vendor-dynojetDynojet
Product-power_coreDynojet Power Core
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47825
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Acer Inc.
Product-Acer Updater Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47887
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path

OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-OKI
Product-Print Job Accounting
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47861
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event Log Explorer 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path

Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.

Action-Not Available
Vendor-FSPro Labs
Product-Event Log Explorer
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47810
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-30 Jan, 2026 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-wibuWibu
Product-wibukeyWibuKey Runtime
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47829
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 19:09
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path

DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code that will execute during service startup with LocalSystem permissions.

Action-Not Available
Vendor-Weird-Solutions
Product-DHCP Broadband
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47896
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.12%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:47
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path

PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.

Action-Not Available
Vendor-PDF Complete, Inc.
Product-PDFCOMPLETE Corporate Edition
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47898
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:47
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Epson USB Display 1.6.0.0 Unquoted Service Path Vulnerability

Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.

Action-Not Available
Vendor-Epson America, Inc.
Product-Epson USB Display
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47879
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eBeam Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path

eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.

Action-Not Available
Vendor-Luidia
Product-eBeam Interactive Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47889
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 16:47
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path

Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Softros Systems
Product-LAN Messenger
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47882
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path

FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.

Action-Not Available
Vendor-FreeLAN
Product-FreeLAN
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47787
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.78%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-09 Feb, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TotalAV 5.15.69 - Unquoted Service Path

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

Action-Not Available
Vendor-totalavTotalav
Product-totalavTotalAV
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47867
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WIN-PACK PRO 4.8 - 'ScheduleService' Unquoted Service Path

WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.

Action-Not Available
Vendor-Security
Product-Winpakpro
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47878
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eBeam Education Suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path

eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup.

Action-Not Available
Vendor-Luidia
Product-eBeam Education Suite
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47883
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.70%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path

Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Sandboxie-Plus
Product-Sandboxie Plus
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47880
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path

Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.

Action-Not Available
Vendor-Realtek Semiconductor Corp.
Product-Realtek Wireless LAN Utility
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-47804
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service restarts.

Action-Not Available
Vendor-Wisecleaner
Product-Wise Care
CWE ID-CWE-428
Unquoted Search Path or Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found