Skip to main content

CWE-428

Unquoted Search Path or Element

374 CVEs Avg CVSS 7.7 MITRE
6
CRITICAL
317
HIGH
48
MEDIUM
3
LOW
218
POC
0
KEV

Monthly

CVE-2026-9128 HIGH This Week

Local arbitrary code execution in Rockwell Automation Studio 5000 Logix Designer arises because the External Tools configuration stores executable paths that contain spaces without quoting (CWE-428). A low-privileged local user who can write a malicious binary into an earlier segment of the resolved search path can have Windows execute it in place of the intended tool, running code with the privileges of the operator using the application. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 score is 7.3 (High), tempered by local access, high attack complexity, a present attack requirement, and required active user interaction.

RCE Studio 5000 Logix Designer
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-8864 HIGH PATCH This Week

Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.

HP Privilege Escalation Hp Fan Control App
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-71326 HIGH POC This Week

Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.

Code Injection Avast Antivirus
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2023-54353 HIGH POC This Week

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromacam
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2022-50971 HIGH POC This Week

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Malwarebytes
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2021-47985 HIGH POC This Week

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sapsprint
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37254 HIGH POC This Week

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Pdfelement
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37253 HIGH POC This Week

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Winstep
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37252 HIGH POC This Week

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtek Audio Service
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-37251 HIGH POC This Week

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtimes Desktop Service
NVD Exploit-DB VulDB
CVSS 4.0
8.5
EPSS
0.1%
EPSS 0% CVSS 7.3
HIGH This Week

Local arbitrary code execution in Rockwell Automation Studio 5000 Logix Designer arises because the External Tools configuration stores executable paths that contain spaces without quoting (CWE-428). A low-privileged local user who can write a malicious binary into an earlier segment of the resolved search path can have Windows execute it in place of the intended tool, running code with the privileges of the operator using the application. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 4.0 score is 7.3 (High), tempered by local access, high attack complexity, a present attack requirement, and required active user interaction.

RCE Studio 5000 Logix Designer
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.

HP Privilege Escalation Hp Fan Control App
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Local privilege escalation in Avast Antivirus 25.11 allows non-privileged Windows users to execute arbitrary code as SYSTEM by abusing an unquoted service path in the SecureLine service. Publicly available exploit code exists (Exploit-DB 52510), and the issue was reported by VulnCheck; no public exploit identified at time of analysis indicates wider active exploitation, but the low-complexity local vector makes this attractive for post-compromise escalation.

Code Injection Avast Antivirus
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Chromacam
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Malwarebytes
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sapsprint
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Pdfelement
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Winstep
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtek Audio Service
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Realtimes Desktop Service
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy