Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-428

CWE-428

Unquoted Search Path or Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

404 vulnerabilities with CWE-428

CVE-2026-25866 HIGH

MobaXterm <26.1 - Uncontrolled Search Path

CVE-2026-26033 MEDIUM

UPS MUMC 01.06.0001 - Privilege Escalation

CVE-2026-1585 MEDIUM

IJ Scan Utility 1.1.2-1.5.0 - Privilege Escalation

CVE-2026-2542 HIGH

Total VPN 0.5.29.0 - Privilege Escalation

CVE-2019-25345 HIGH

Realtek IIS Codec Service 6.4.10041.133 - Code Injection

CVE-2019-25310 HIGH

ActiveFax Server <6.92 Build 0316 - Code Injection

CVE-2019-25309 HIGH

Zilab Remote Console Server 3.2.9 - Privilege Escalation

CVE-2019-25308 HIGH

Mikogo <5.2.2.150317 - Code Injection

CVE-2019-25307 HIGH

WorkgroupMail 7.5.1 - Code Injection

CVE-2019-25306 HIGH

BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation

CVE-2026-24466 MEDIUM

Oki Electric Industry Co., Ltd. - Privilege Escalation

CVE-2019-25305 HIGH

JumpStart 0.6.0.0 - Code Injection

CVE-2019-25304 HIGH

SecurOS Enterprise 10.2 - Privilege Escalation

CVE-2019-25302 HIGH

Acer Launch Manager 6.1.7600.16385 - Privilege Escalation

CVE-2019-25293 HIGH

BlueStacks App Player 2.4.44.62.57 - Local Privilege Escalation

CVE-2019-25292 HIGH

Alps HID Monitor Service 8.1.0.10 - Code Injection

CVE-2019-25266 HIGH

Wondershare Application Framework Service 2.4.3.231 - Code Injection

CVE-2019-25288 HIGH

Wacom WTabletService 6.6.7-3 - Code Injection

CVE-2019-25287 HIGH

Adaware Web Companion 4.8.2078.3950 - Code Injection

CVE-2019-25286 HIGH

GCafé 3.0 - Privilege Escalation

CVE-2019-25285 HIGH

Alps Pointing-device Controller 8.1202.1711.04 - Code Injection

CVE-2019-25283 HIGH

Shrew Soft VPN Client 2.2.2 - Privilege Escalation

CVE-2019-25281 HIGH

NCP Secure Entry Client 9.2 - Code Injection

CVE-2019-25276 HIGH

Studio 5000 Logix Designer 30.01.00 - Privilege Escalation

CVE-2019-25275 HIGH

BartVPN 1.2.2 - Code Injection

Page 1 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy