CVE-2016-20089

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

PT-2026-50907

Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...

Unquoted Search Path or Element

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Unquoted Search Path or Element in the app.setLoginItemSettings function on Windows when the executable pat...

GHSA-JFQX-FXH3-C62J Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

PT-2026-29998

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

PT-2025-47969

Name of the Vulnerable Software and Affected Versions RSA Authentication Agent versions prior to 7.4.7 Description The RSA Authentication Agent is susceptible to a path interception issue affecting service paths and shortcut paths. This occurs when a path contains spaces and is not enclosed in...

EUVD-2025-29683

Malicious code in bioql PyPI...

EUVD-2025-30921

Malicious code in bioql PyPI...

CVE-2025-54081

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager SCM interprets the path...

OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path

Overview Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd. registers a Windows service with an unquoted file path CWE-428, CVE-2025-9818. OMRON SOCIAL SOLUTIONS Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution...

CVE-2025-9818 Vulnerability caused by unquoted file paths of Windows services registered by the Uninterruptible Power Supply (UPS) management application

A vulnerability CWE-428 has been identified in the Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contain...

CVE-2025-9818 Vulnerability caused by unquoted file paths of Windows services registered by the Uninterruptible Power Supply (UPS) management application

A vulnerability CWE-428 has been identified in the Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path of this product contain...

PT-2025-38109

Name of the Vulnerable Software and Affected Versions: OMRON SOCIAL SOLUTIONS Co., Ltd. UPS management application affected versions not specified Description: The Uninterruptible Power Supply UPS management application is susceptible to a flaw where executable file paths for Windows services are...

CVE-2022-35292

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to...

SAP Business One 代码问题漏洞

SAP Business One is a set of enterprise management software from SAP. The software includes functionality for financial management, operations management, and human resource management. A code issue vulnerability exists in the SAP Business One application that originates from the creation of a...

OESA-2022-1540 python-pillow security update

Python image processing library. Security Fixes: Pillow is a PIL Python Imaging Library fork. Affected versions of this package are vulnerable to Improper Input Validation. When the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary imag...

CVE-2021-45460

A vulnerability has been identified in SICAM PQ Analyzer All versions V3.18. A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate proces...