PT-2026-3043

Name of the Vulnerable Software and Affected Versions 10-Strike Network Inventory Explorer Pro version 9.31 Description The software contains an unquoted service path vulnerability in the srvInventoryWebServer service, which runs with LocalSystem privileges. An attacker can exploit this by placin...

PT-2026-3149

Name of the Vulnerable Software and Affected Versions Brother BRAgent version 1.38 Description The software contains an unquoted service path vulnerability within the WBA Agent Client service, which operates with LocalSystem privileges. An attacker can exploit the unquoted path located at C:Progr...

CVE-2022-50914

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

Security Updates for Azure Connected Machine Agent < 1.60 (January 2026)

The Microsoft Azure Connected Machine Agent installation on the remote host is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-21224. - Successful exploitation of this vulnerability could allow a local attacker to gain SYSTEM privileges on...

CVE-2022-50933

Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions...

CVE-2022-50923

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions...

CVE-2022-50921

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during...

CVE-2022-50914

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

CVE-2022-50900

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during...

CVE-2022-50901

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that woul...

CVE-2023-54331 Outline 1.6.0 - Unquoted Service Path

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with...

CVE-2022-50938 CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system...

CVE-2022-50924 Private Internet Access 3.3 - 'pia-service' Unquoted Service Path

Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with...

CVE-2022-50923 Cobian Backup 0.9 - Unquoted Service Path

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions...

CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durin...

CVE-2022-50920 Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path

Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durin...

CVE-2022-50918

The CVE concerns VIVE Runtime Service 1.0.0.4, where an unquoted service path enables local users to run arbitrary code with elevated privileges during service startup. Attackers could place a malicious executable in affected directories to gain LocalSystem access. The vulnerability is local in s...

CVE-2022-50914 EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges...

CVE-2022-50914

CVE-2022-50914 affects EaseUS Data Recovery 15.1.0.0 with an unquoted path in the EaseUS UPDATE SERVICE executable, enabling local privilege escalation to LocalSystem. The connected documents confirm the issue and impact, but do not provide a patch/version fix or explicit exploitation details.

CVE-2022-50901 Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path

Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that woul...