CWE-428: Unquoted Search Path or Element
410 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-428 (page 6 of 9)
- CVE-2022-25031 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-03
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.
- CVE-2022-26634 | HIGH | CVSS 7.8 | EG 7.8 | 2022-05-20
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
- CVE-2022-27050 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-31
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.
- CVE-2022-27052 | HIGH | CVSS 7.8 | EG 7.8 | 2022-03-31
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
- CVE-2022-27088 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-11
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
- CVE-2022-27089 | HIGH | CVSS 7.8 | EG 7.8 | 2022-04-11
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
- CVE-2022-27094 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-05-20
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
- CVE-2022-27095 | HIGH | CVSS 7.8 | EG 7.8 | 2022-05-20
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
- CVE-2022-27592 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-09-06
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.…
- CVE-2022-27905 | HIGH | CVSS 7.2 | EG 7.2 | 2022-04-27
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
- CVE-2022-27963 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-31
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- CVE-2022-27964 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-31
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- CVE-2022-27965 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-31
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- CVE-2022-27966 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-31
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- CVE-2022-29320 | HIGH | CVSS 7.8 | EG 7.8 | 2022-05-20
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
- CVE-2022-31590 | HIGH | CVSS 7.8 | EG 7.8 | 2022-06-14
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which co…
- CVE-2022-31591 | HIGH | CVSS 7.8 | EG 7.8 | 2022-07-12
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service
- CVE-2022-33920 | HIGH | CVSS 7.8 | EG 7.8 | 2022-10-12
Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
- CVE-2022-34848 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-05-10
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-35292 | HIGH | CVSS 7.8 | EG 7.8 | 2022-09-13
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If …
- CVE-2022-35899 | HIGH | CVSS 7.8 | EG 7.8 | 2022-07-21
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
- CVE-2022-36344 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-08-16
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program wit…
- CVE-2022-36384 | MEDIUM | CVSS 6.7 | EG 7.3 | 2022-11-11
Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-37197 | HIGH | CVSS 7.8 | EG 7.8 | 2022-11-18
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
- CVE-2022-38101 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-05-10
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-39959 | HIGH | CVSS 7.8 | EG 7.8 | 2022-10-07
Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\P…
- CVE-2022-41693 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-05-10
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-4258 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-16
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
- CVE-2022-43474 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-05-10
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-44264 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-26
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.
- CVE-2022-4429 | MEDIUM | CVSS 5.3 | EG 4.4 | 2023-01-10
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78
- CVE-2022-46662 | MEDIUM | CVSS 6.7 | EG 6.7 | 2022-12-21
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the p…
- CVE-2022-50688 | HIGH | CVSS 8.4 | EG 8.4 | 2025-12-22
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBa…
- CVE-2022-50693 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files…
- CVE-2022-50900 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code th…
- CVE-2022-50901 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wo…
- CVE-2022-50903 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing m…
- CVE-2022-50904 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inj…
- CVE-2022-50913 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated acces…
- CVE-2022-50914 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
- CVE-2022-50915 | HIGH | CVSS 7.8 | EG 8.4 | 2026-01-13
PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program F…
- CVE-2022-50917 | HIGH | CVSS 7.8 | EG 8.4 | 2026-01-13
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executa…
- CVE-2022-50918 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables…
- CVE-2022-50920 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious exec…
- CVE-2022-50921 | HIGH | CVSS 7.8 | EG 8.4 | 2026-01-13
WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables…
- CVE-2022-50923 | HIGH | CVSS 7.8 | EG 8.4 | 2026-01-13
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject mal…
- CVE-2022-50924 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration…
- CVE-2022-50928 | HIGH | CVSS 7.8 | EG 8.4 | 2026-01-13
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program File…
- CVE-2022-50929 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x8…
- CVE-2022-50930 | HIGH | CVSS 8.4 | EG 8.4 | 2026-01-13
Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the servic…