CWE-428— Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.— MITRE CWE catalog
436 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-428page 8 of 9
- CVE-2023-53912MEDIUMCVSS 6.2EG 6.22025-12-17
USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\U…
- CVE-2023-53946HIGHCVSS 8.4EG 8.42025-12-19
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger t…
- CVE-2023-53947HIGHCVSS 8.4EG 8.42025-12-19
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service re…
- CVE-2023-53954MEDIUMCVSS 6.2EG 6.22025-12-19
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files direc…
- CVE-2023-53965HIGHCVSS 8.4EG 8.42025-12-22
SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting m…
- CVE-2023-53984HIGHCVSS 8.4EG 8.42026-01-13
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured serv…
- CVE-2023-54331HIGHCVSS 7.8EG 8.42026-01-13
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executab…
- CVE-2023-54336HIGHCVSS 8.4EG 8.42026-01-13
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\m…
- CVE-2023-54338HIGHCVSS 8.4EG 8.42026-01-13
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject mali…
- CVE-2023-54353HIGHCVSS 7.8EG 7.82026-06-19
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write acces…
- CVE-2023-6631HIGHCVSS 7.8EG 7.82024-01-08
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
- CVE-2023-7043LOWCVSS 3.3EG 3.32024-01-31
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
- CVE-2024-1201HIGHCVSS 7.8EG 7.82024-02-02
Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege…
- CVE-2024-1618HIGHCVSS 7.8EG 7.82024-03-12
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit t…
- CVE-2024-22437HIGHCVSS 7.3EG 7.32024-04-15
A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.
- CVE-2024-24722CRITICALCVSS 9.1EG 9.12024-02-19
An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable serv…
- CVE-2024-25552HIGHCVSS 7.8EG 7.82024-03-01
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.
- CVE-2024-2747HIGHCVSS 7.8EG 7.82024-06-12
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.
- CVE-2024-31201MEDIUMCVSS 6.5EG 6.52024-07-31
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on…
- CVE-2024-31226MEDIUMCVSS 4.9EG 4.92024-05-16
Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\P…
- CVE-2024-31804MEDIUMCVSS 6.7EG 6.72024-04-23
An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component.
- CVE-2024-34010HIGHCVSS 8.2EG 8.22024-04-29
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True …
- CVE-2024-36321HIGHCVSS 7.3EG 7.32025-05-13
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
- CVE-2024-3640HIGHCVSS 7.0EG 7.02024-05-16
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, w…
- CVE-2024-4031MEDIUMCVSS 4.4EG 4.42024-04-23
Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.
- CVE-2024-43457HIGHCVSS 7.8EG 7.82024-09-10
Windows Setup and Deployment Elevation of Privilege Vulnerability
- CVE-2024-4461HIGHCVSS 7.8EG 7.82024-05-03
Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escal…
- CVE-2024-5402HIGHCVSS 7.8EG 7.82024-07-15
Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. Th…
- CVE-2024-57276HIGHCVSS 7.3EG 7.32025-01-27
In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the servi…
- CVE-2024-58288HIGHCVSS 8.7EG 8.72025-12-11
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem priv…
- CVE-2024-58315HIGHCVSS 7.8EG 8.42025-12-30
Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting ma…
- CVE-2024-5963MEDIUMCVSS 6.7EG 6.72024-08-06
Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00.
- CVE-2024-6080HIGHCVSS 7.8EG 7.82024-06-17
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to …
- CVE-2024-8975HIGHCVSS 7.3EG 7.32024-09-25
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.
- CVE-2024-8996HIGHCVSS 7.3EG 7.32024-09-25
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2
- CVE-2024-9287HIGHCVSS 7.8EG 7.82024-10-22
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scrip…
- CVE-2024-9325HIGHCVSS 7.8EG 7.82024-09-29
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The ma…
- CVE-2025-0035HIGHCVSS 7.3EG 7.32025-05-13
Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
- CVE-2025-0884HIGHCVSS 7.3EG 7.32025-03-12
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72.
- CVE-2025-10199HIGHCVSS 7.8EG 7.82025-09-09
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.
- CVE-2025-10714HIGHCVSS 8.4EG 8.42025-11-11
AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to …
- CVE-2025-12247HIGHCVSS 7.0EG 7.02025-10-27
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to …
- CVE-2025-12286HIGHCVSS 7.0EG 7.02025-10-27
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack re…
- CVE-2025-12507HIGHCVSS 8.8EG 8.82025-10-31
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
- CVE-2025-13433HIGHCVSS 7.0EG 7.02025-11-20
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows…
- CVE-2025-14018HIGHCVSS 7.3EG 7.32025-12-22
Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affects e-Fatura: before 1.2.15.
- CVE-2025-1984MEDIUMCVSS 5.2EG 5.22025-03-12
Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.
- CVE-2025-21107HIGHCVSS 7.8EG 7.82025-01-30
Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le…
- CVE-2025-24831MEDIUMCVSS 6.6EG 6.62025-01-31
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.
- CVE-2025-32449MEDIUMCVSS 6.7EG 6.72025-11-11
Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity a…
Map vulnerabilities like CWE-428 to your infrastructure
EchelonGraph correlates every CVE — across CWE-428 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →