Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-25865

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-18 Jun, 2026 | 19:39
Updated At-22 Jun, 2026 | 17:16
Rejected At-
Credits

Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:18 Jun, 2026 | 19:39
Updated At:22 Jun, 2026 | 17:16
Rejected At:
â–¼CVE Numbering Authority (CNA)
Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

Affected Products
Vendor
Yandex
Product
Punto Switcher
Default Status
affected
Versions
Affected
  • From 0 through 4.5.0.583 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-428Unquoted Search Path or Element
Type: CWE
CWE ID: CWE-428
Description: Unquoted Search Path or Element
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Spektion Research Team
coordinator
VulnCheck
Timeline
EventDate
VulnCheck engages Yandex to initiate a CVD case under a 120-day disclosure deadline.2026-02-09 21:36:00
Yandex acknowledges notification and passes along to internal team noting that they will reach out if interested.2026-02-09 21:41:00
VulnCheck follows up with Yandex after no response.2026-02-18 22:18:00
Yandex reemphasizes that internal team will reach out directly if interested.2026-02-18 22:24:00
VulnCheck provides Yandex a draft of CVE record for comments.2026-06-08 19:00:00
Event: VulnCheck engages Yandex to initiate a CVD case under a 120-day disclosure deadline.
Date: 2026-02-09 21:36:00
Event: Yandex acknowledges notification and passes along to internal team noting that they will reach out if interested.
Date: 2026-02-09 21:41:00
Event: VulnCheck follows up with Yandex after no response.
Date: 2026-02-18 22:18:00
Event: Yandex reemphasizes that internal team will reach out directly if interested.
Date: 2026-02-18 22:24:00
Event: VulnCheck provides Yandex a draft of CVE record for comments.
Date: 2026-06-08 19:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://spektion.com/articles/cve-2026-25865-punto-switcher
vendor-advisory
https://yandex.ru/soft/punto
product
https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexec
third-party-advisory
Hyperlink: https://spektion.com/articles/cve-2026-25865-punto-switcher
Resource:
vendor-advisory
Hyperlink: https://yandex.ru/soft/punto
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexec
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:18 Jun, 2026 | 20:16
Updated At:22 Jun, 2026 | 18:16

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-428Secondarydisclosure@vulncheck.com
CWE ID: CWE-428
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://spektion.com/articles/cve-2026-25865-punto-switcherdisclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexecdisclosure@vulncheck.com
N/A
https://yandex.ru/soft/puntodisclosure@vulncheck.com
N/A
Hyperlink: https://spektion.com/articles/cve-2026-25865-punto-switcher
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/punto-switcher-unquoted-search-path-via-winexec
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://yandex.ru/soft/punto
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

290Records found
CVE-2025-5471
Matching Score-8
Assigner-Yandex N.V.
ShareView Details
Matching Score-8
Assigner-Yandex N.V.
CVSS Score-7.3||HIGH
EPSS-0.15% / 4.59%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 15:53
Updated-19 Feb, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dylib Hijacking in Yandex Telemost

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1.

Action-Not Available
Vendor-yandexYandex
Product-yandex_telemostTelemost
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-37063
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.06%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

Action-Not Available
Vendor-Weird-Solutions
Product-TFTP Turbo
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-7316
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-6.6||MEDIUM
EPSS-0.37% / 28.57%
||
7 Day CHG~0.00%
Published-07 Oct, 2020 | 18:40
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File and Removable Media Protection update fixes one vulnerability

Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution and from a compromised folder. This issue may result in files not being encrypted when a policy is triggered.

Action-Not Available
Vendor-McAfee, LLC
Product-file_and_removable_media_protectionFile & Removable Media Protection (FRP)
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-7331
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.8||HIGH
EPSS-0.40% / 31.66%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 09:40
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unquoted service executable path in McAfee Endpoint Security (ENS)

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

Action-Not Available
Vendor-McAfee, LLC
Product-endpoint_securityMcAfee Endpoint Security (ENS)
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2024-1618
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.45%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 15:04
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unquoted item or search path vulnerability in Faronics Deep Freeze Server Standard

A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running.

Action-Not Available
Vendor-Faronicsfaronics
Product-Deep Freeze Server Standarddeep_freeze
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37254
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.13%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 14:16
Updated-23 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare PDFelement 5.2.9 Privilege Escalation via Unquoted Service Path

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.

Action-Not Available
Vendor-Wondershare
Product-PDFelement
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37231
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.12%
||
7 Day CHG~0.00%
Published-16 May, 2026 | 15:25
Updated-18 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Action-Not Available
Vendor-Cybertronsoft
Product-Privacy Drive
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37098
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.03%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Sorter Enterprise 12.4.16 - Unquoted Service Path

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.

Action-Not Available
Vendor-DiskSorter
Product-Disk Sorter Enterprise
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37102
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.12%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path

Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.

Action-Not Available
Vendor-Lavasoft
Product-Web Companion
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37252
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.23%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 14:16
Updated-23 Jun, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Realtek Audio Service 1.0.0.55 Unquoted Service Path Privilege Escalation

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Action-Not Available
Vendor-Realtek Semiconductor Corp.
Product-Realtek Audio Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37101
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.11% / 1.67%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VPN unlimited 6.1 - Unquoted Service Path

VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system privileges.

Action-Not Available
Vendor-Vpnunlimitedapp
Product-VPN unlimited
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37223
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.12%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 14:22
Updated-13 May, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Uninstaller 9.5.0.15 Unquoted Service Path Privilege Escalation

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.

Action-Not Available
Vendor-Iobit
Product-IObit Uninstaller
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2025-10199
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.42%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:30
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A local privilege escalation vulnerability exists in LizardBytes' Sunshine for Windows

A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.

Action-Not Available
Vendor-lizardbyteLizardByteMicrosoft Corporation
Product-windowssunshineSunshine for Windows
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37100
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.19% / 8.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-03 Feb, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sync Breeze Enterprise 12.4.18 - Unquoted Service Path

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.

Action-Not Available
Vendor-SyncBreeze
Product-Sync Breeze Enterprise
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37229
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.11% / 1.73%
||
7 Day CHG~0.00%
Published-16 May, 2026 | 15:25
Updated-18 May, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.

Action-Not Available
Vendor-Oki
Product-OKI sPSV Port Manager
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37232
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 1.90%
||
7 Day CHG~0.00%
Published-16 May, 2026 | 15:25
Updated-18 May, 2026 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.

Action-Not Available
Vendor-Iobit
Product-Advanced System Care Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37099
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.03%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:49
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disk Savvy Enterprise 12.3.18 - 'disksvs.exe' Unquoted Service Path

Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-DiskSavvy
Product-Disk Savvy Enterprise
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36936
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.07%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:01
Updated-26 Jan, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path

Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.

Action-Not Available
Vendor-Magic Utilities
Product-Magic Mouse 2 utilities
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36983
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.76%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:52
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quick 'n Easy FTP Service 3.2 - Unquoted Service Path

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.

Action-Not Available
Vendor-Pablosoftwaresolutions
Product-Quick 'n Easy FTP Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36934
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.15% / 4.66%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:00
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path

Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Deepinstinct
Product-Deep Instinct Windows Agent
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36927
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.64%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-05 Mar, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DiskPulse 13.6.14 - Unquoted Service Path

DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-flexenseDiskpulse
Product-diskpulseDiskPulse
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37055
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.15% / 4.52%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.

Action-Not Available
Vendor-Enigmasoftware
Product-SpyHunter
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36929
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.22% / 13.01%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-09 Feb, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path

Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.

Action-Not Available
Vendor-SupportBrother Industries, Ltd.
Product-brprint_auditorBrother BRPrint Auditor
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36933
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.15% / 4.89%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:00
Updated-26 Jan, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path

HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.

Action-Not Available
Vendor-HTC
Product-IPTInstaller
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37020
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.23%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SonarQube 8.3.1 - Unquoted Service Path

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart.

Action-Not Available
Vendor-Sonarqube
Product-SonarQube
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37060
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.67%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 16:16
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path

Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access.

Action-Not Available
Vendor-Drive-Software
Product-Atomic Alarm Clock x86
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36991
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:29
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.

Action-Not Available
Vendor-Sharemouse
Product-ShareMouse
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36952
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.15% / 4.78%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 16:00
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IObit Uninstaller 10 Pro - Unquoted Service Path

IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.

Action-Not Available
Vendor-Iobit
Product-IObit Uninstaller
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36953
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.17% / 6.73%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 17:42
Updated-14 May, 2026 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path

MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-Minitool
Product-MiniTool ShadowMaker
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36990
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:29
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input Director 1.4.3 - 'Input Director' Unquoted Service Path

Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

Action-Not Available
Vendor-Inputdirector
Product-Input Director
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37017
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.23%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.

Action-Not Available
Vendor-Wibu
Product-CodeMeter
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36976
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.56%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path

Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables that would run with elevated LocalSystem privileges during service startup.

Action-Not Available
Vendor-Acer Inc.
Product-Global Registration Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36985
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.17%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:28
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path

IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.

Action-Not Available
Vendor-Gearboxcomputers
Product-IP Watcher
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37037
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.15% / 4.52%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.

Action-Not Available
Vendor-Avast
Product-AVAST SecureLine
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37030
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.13% / 2.70%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 16:16
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path

Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in C:\Program Files (x86)\Outline to inject malicious code that would execute with LocalSystem permissions during service startup.

Action-Not Available
Vendor-Getoutline
Product-Outline Service
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36975
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.90%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path

EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\E_S60RPB.EXE' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-SEIKO EPSON Corp
Product-Status Monitor 3
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36984
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:28
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path

EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\ to inject malicious executables that will run with LocalSystem permissions.

Action-Not Available
Vendor-Epson
Product-EPSON
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36980
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.13% / 2.94%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions.

Action-Not Available
Vendor-Segurazo
Product-SAntivirus IC
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36987
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.17%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:29
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.

Action-Not Available
Vendor-Gearboxcomputers
Product-Program Access Controller
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36986
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.52%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:28
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prey 1.9.6 - "CronService" Unquoted Service Path

Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot.

Action-Not Available
Vendor-Preyproject
Product-Prey
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37064
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.15% / 4.52%
||
7 Day CHG~0.00%
Published-01 Feb, 2026 | 14:38
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.

Action-Not Available
Vendor-Epson
Product-EPSON EasyMP Network Projection
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36903
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.13% / 2.69%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:39
Updated-02 Jan, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.

Action-Not Available
Vendor-Selea
Product-Selea CarPlateServer (CPS)
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36977
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.18% / 8.21%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 18:51
Updated-29 Jan, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.

Action-Not Available
Vendor-Wondershare
Product-Wondershare Driver Install Service help
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36937
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.07%
||
7 Day CHG~0.00%
Published-25 Jan, 2026 | 14:01
Updated-26 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path

Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem privileges.

Action-Not Available
Vendor-Microvirt
Product-MEMU PLAY
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36992
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:29
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path

Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path during system startup or reboot to potentially run malicious code with LocalSystem permissions.

Action-Not Available
Vendor-nordvpn
Product-nordvpn
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37059
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.13% / 3.22%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 16:16
Updated-05 Mar, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Popcorn Time 6.2 - 'Update service' Unquoted Service Path

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.

Action-Not Available
Vendor-Getpopcorntime
Product-Popcorn Time
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36930
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.21% / 11.64%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:25
Updated-05 Mar, 2026 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.

Action-Not Available
Vendor-flexenseSysgauge
Product-sysgaugeSysGauge
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36989
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.16% / 5.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 12:29
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path

ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.

Action-Not Available
Vendor-Forensit
Product-ForensiTAppxService
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-36957
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.13% / 2.73%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 17:43
Updated-14 May, 2026 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path

PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

Action-Not Available
Vendor-Pdf-Complete
Product-PDF Complete
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-37058
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.12% / 2.22%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 16:16
Updated-04 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Andrea ST Filters Service 1.0.64.7 - Unquoted service path

Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.

Action-Not Available
Vendor-Andrea Electronics
Product-Andrea ST Filters Service
CWE ID-CWE-428
Unquoted Search Path or Element
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found