Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Searc
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unq
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malici
An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the un
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in th
Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers ca
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit
memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can explo
Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted
CVE-2025-8070
CRITICAL CVSS 9.2
Find Similar
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable i
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installe
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the un
Page 1+ Next →