34 matches found
EUVD-2020-20693
Malware in sbrugna...
EUVD-2024-29105
Malicious code in bioql PyPI...
CVE-2025-9043
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious...
Rockwell Automation SequenceManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : SequenceManager Vulnerabilities : Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a...
CVE-2024-31201
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...
CVE-2024-31201
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...
CVE-2024-31201
CVE-2024-31201 affects the ThermoscanIP Scrutation service. The root cause is a CWE-428 Unquoted Search Path or Element, which can be abused when the C:\ path permissions are misconfigured, potentially enabling local privilege escalation. Exploitation details are not provided in the documents. Re...
CVE-2024-31201
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...
CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine...
CVE-2024-2747
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine...
CVE-2024-2747
CVE-2024-2747 affects Schneider Electric Easergy Studio. The root cause is CWE-428: an unquoted search path/element, allowing a local attacker with low privileges to escalate privileges by replacing a trusted file name and rebooting the system. Impact is described as high for confidentiality, int...
Subnet Solutions Inc. PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary...
CVE-2023-42486
Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges...
Code injection
Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges...
CVE-2023-42486
Fortect CVE-2023-42486 describes CWE-428 Unquoted Search Path or Element leading to local privilege elevation. Affected: Fortect software (sources reference Fortect, with one entry citing version 5.0.0.7). Root cause: unquoted search path/element. Impact: local privilege elevation with high confi...
CVE-2023-42486 Fortect - CWE-428: Unquoted Search Path or Element
Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges...
CVE-2023-42486 Fortect - CWE-428: Unquoted Search Path or Element
Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges...
Filmora 12 Build 1.0.0.7 Unquoted Service Path
Vendor Name: Filmora Product Name: Filmora 12 version Build 1.0.0.7 Vendor Home Page: https://filmora.wondershare.com/ Affected Versions: Filmora 12 version Build 12.2.1.2088 Vulnerability Type: Unquoted Service Path Vulnerability CWE-428 CVE Reference: CVE-2023-31747 Security Researcher: Thurein...
JVN#35246979: ELECOM WAB-MAT registers its windows service executable with an unquoted file path
WAB-MAT provided by ELECOM CO.,LTD. is Access Point Management Tool for corporate users. WAB-MAT registers its windows service executable with an unquoted file path CWE-428. Impact If a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service...
JVN#12969207: HPE Agentless Management registers unquoted service paths
HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths CWE-428. Impact When a registered Windows service path contains spaces and is unquoted, and a malicious executable is placed on a certain path, the executable may be executed wi...