The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Cod...

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affe...

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, mo...

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable...

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable...

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy ...

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and l...

The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and l...

Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO ...

Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Win...

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to...

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could pot...

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into...

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc...

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in th...

Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted ser...

Windows Setup and Deployment Elevation of Privilege Vulnerability

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the mac...

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.

A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with...

Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquo...