Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15569 | | | 2026-02-10 | 6.0 MEDIUM | 7.0 HIGH |
|
A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.
|
|||||
| CVE-2024-10930 | 1 Carrier | 1 Block Load | 2026-02-05 | N/A | 7.8 HIGH |
|
An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.
|
|||||
| CVE-2025-11178 | | | 2026-02-03 | N/A | 7.3 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679.
|
|||||
| CVE-2026-24694 | | | 2026-02-03 | N/A | 7.8 HIGH |
|
The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.
|
|||||
| CVE-2025-33231 | 2 Microsoft, Nvidia | 2 Windows, Cuda Toolkit | 2026-02-02 | N/A | 6.7 MEDIUM |
|
NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.
|
|||||
| CVE-2025-33229 | 2 Microsoft, Nvidia | 2 Windows, Cuda Toolkit | 2026-02-02 | N/A | 7.3 HIGH |
|
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
|
|||||
| CVE-2025-10581 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH |
|
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
|
|||||
| CVE-2026-23755 | 1 Dlink | 1 D-view 8 | 2026-01-30 | N/A | 7.3 HIGH |
|
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full s ...
|
|||||
| CVE-2025-66476 | 2 Microsoft, Vim | 2 Windows, Vim | 2026-01-30 | N/A | 7.8 HIGH |
|
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it ma ...
|
|||||
| CVE-2025-33208 | 2 Canonical, Nvidia | 2 Ubuntu Linux, Tao Toolkit | 2026-01-30 | N/A | 8.8 HIGH |
|
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.
|
|||||
| CVE-2025-13919 | | | 2026-01-30 | N/A | 4.4 MEDIUM |
|
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.
|
|||||
| CVE-2025-57836 | 2 Microsoft, Samsung | 2 Windows, Magician | 2026-01-30 | N/A | 7.8 HIGH |
|
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
|
|||||
| CVE-2025-10214 | 1 Updf | 1 Updf | 2026-01-29 | N/A | 7.8 HIGH |
|
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.
|
|||||
| CVE-2025-10213 | 1 Updf | 1 Updf | 2026-01-29 | N/A | 7.8 HIGH |
|
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence.
|
|||||
| CVE-2025-14625 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.
|
|||||
| CVE-2025-30248 | | | 2026-01-27 | N/A | N/A |
|
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.
|
|||||
| CVE-2026-21408 | | | 2026-01-27 | N/A | 7.3 HIGH |
|
beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.
|
|||||
| CVE-2025-71178 | | | 2026-01-27 | N/A | N/A |
|
Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execut ...
|
|||||
| CVE-2026-0776 | | | 2026-01-26 | N/A | 7.3 HIGH |
|
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the discord_rpc module. The product loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate ...
|
|||||
| CVE-2025-30167 | 1 Jupyter | 1 Jupyter Core | 2026-01-23 | N/A | 7.3 HIGH |
|
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to recei ...
|
|||||
| CVE-2025-65118 | 1 Aveva | 1 Process Optimization | 2026-01-22 | N/A | 8.8 HIGH |
|
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
|
|||||
| CVE-2025-14406 | 1 Sodapdf | 1 Soda Pdf | 2026-01-21 | N/A | 7.8 HIGH |
|
Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverag ...
|
|||||
| CVE-2025-11761 | 1 Hp | 1 Client Management Script Library | 2026-01-21 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
|
|||||
| CVE-2025-10215 | 1 Updf | 1 Updf | 2026-01-20 | N/A | 7.8 HIGH |
|
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.
|
|||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2026-01-20 | N/A | 7.8 HIGH |
|
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.
|
|||||
| CVE-2025-14405 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | N/A | 6.8 MEDIUM |
|
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker ca ...
|
|||||
| CVE-2023-53937 | 1 Hubstaff | 1 Hubstaff | 2026-01-14 | N/A | 7.8 HIGH |
|
Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.
|
|||||
| CVE-2023-28745 | 1 Intel | 1 Qsfp\+ Configuration Utility | 2026-01-14 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-50808 | | | 2026-01-14 | N/A | 8.4 HIGH |
|
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot.
|
|||||
| CVE-2025-14596 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
|
|||||
| CVE-2025-14599 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
|
|||||
| CVE-2025-14605 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
|
|||||
| CVE-2025-13670 | 2 Intel, Microsoft | 2 High Level Synthesis Compiler, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability.
|
|||||
| CVE-2025-13669 | 2 Intel, Microsoft | 2 High Level Synthesis Compiler, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking. This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.
|
|||||
| CVE-2025-13664 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.
|
|||||
| CVE-2025-13665 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
The System Console Utility for Windows is vulnerable to a DLL planting vulnerability.
|
|||||
| CVE-2025-13668 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
|
A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
|
|||||
| CVE-2025-66835 | 1 Trueconf | 1 Trueconf | 2026-01-09 | N/A | 7.1 HIGH |
|
TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.
|
|||||
| CVE-2024-9852 | | | 2026-01-09 | N/A | 7.8 HIGH |
|
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a m ...
|
|||||
| CVE-2024-8299 | | | 2026-01-09 | N/A | 7.8 HIGH |
|
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a m ...
|
|||||