Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-428

CWE-428

Unquoted Search Path or Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

418 vulnerabilities with CWE-428

CVE-2026-7280 MEDIUM

eMPIA Technology｜AVACAST - Unquoted Service Path

CVE-2026-5789 HIGH

Search path without quotes in CivetWeb

CVE-2026-34768 LOW

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

CVE-2026-33253 MEDIUM

SANYO DENKI SANUPS SOFTWARE 1.0.1-1.1.4 - Privilege Escalation

CVE-2026-25866 HIGH

MobaXterm <26.1 - Uncontrolled Search Path

CVE-2026-26034 HIGH

UPS MUMC 01.06.0001 - Privilege Escalation

CVE-2026-26033 MEDIUM

UPS MUMC 01.06.0001 - Privilege Escalation

CVE-2026-1585 MEDIUM

IJ Scan Utility 1.1.2-1.5.0 - Privilege Escalation

CVE-2026-2542 HIGH

Total VPN 0.5.29.0 - Privilege Escalation

CVE-2026-24466 MEDIUM

Oki Electric Industry Co., Ltd. - Privilege Escalation

CVE-2025-41359 HIGH

Multiple vulnerabilities in Small HTTP server by Smallsrv

CVE-2025-36384 HIGH

IBM Db2 for Windows <12.1.3 - Privilege Escalation

CVE-2025-59888 MEDIUM

Eaton UPS Companion - Code Injection

CVE-2025-14018 HIGH

NetBT Consulting Services Inc. E-Fatura <1.2.15 - Path Traversal

CVE-2025-34499 MEDIUM

AnyDesk 7.0.15,9.0.1 - Code Injection

CVE-2025-66271 MEDIUM

Clone for Windows - Code Injection

CVE-2025-66461 MEDIUM

FULLBACK Manager Pro - Code Injection

CVE-2025-66575 HIGH

VeeVPN 1.6.1 - Code Injection

CVE-2025-66269 HIGH

UPSilon 2000 - Privilege Escalation

CVE-2025-66264 HIGH

CMService.exe - Privilege Escalation

CVE-2025-13433 HIGH

Muse Group MuseHub 2.1.0.1567 - Path Traversal

CVE-2025-32449 MEDIUM

PRI Driver <03.03.1002 - Privilege Escalation

CVE-2025-10714 HIGH

AXIS Optimizer - Privilege Escalation

CVE-2025-64151 MEDIUM

Roboticsware - Privilege Escalation

CVE-2025-62225 MEDIUM

Sony Optical Disc Archive - Privilege Escalation

Page 1 of 17 Next

Details

Vulnerabilities 418

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy