Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59684 | 1 Digisign | 1 Digisigner One | 2025-10-08 | N/A | 8.8 HIGH |
|
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
|
|||||
| CVE-2025-11223 | 2025-10-06 | N/A | 7.8 HIGH | ||
|
Installer of
Panasonic
AutoDownloader
version 1.2.8
contains an issue with the DLL search path, which may lead to loading
a crafted DLL file in the same directory.
|
|||||
| CVE-2025-27237 | 2025-10-06 | N/A | N/A | ||
|
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
|
|||||
| CVE-2025-57781 | 2025-10-06 | N/A | 7.8 HIGH | ||
|
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
|
|||||
| CVE-2025-9267 | 2025-09-29 | N/A | N/A | ||
|
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory as the installer executable, leading to arbitrary code execution with the privileges of the user running the installer. The issue stems from the use of insecure DLL loading practices, such as relying on ...
Show More |
|||||
| CVE-2024-53977 | 1 Siemens | 2 Modelsim, Questa | 2025-09-25 | N/A | 6.7 MEDIUM |
|
A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.
|
|||||
| CVE-2025-9844 | 2025-09-24 | N/A | 8.8 HIGH | ||
|
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.
|
|||||
| CVE-2025-35471 | 2 Conda-forge, Microsoft | 3 Miniforge, Openssl-feedstock, Windows | 2025-09-23 | N/A | 7.3 HIGH |
|
conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
|
|||||
| CVE-2025-57624 | 2025-09-17 | N/A | 7.8 HIGH | ||
|
A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.
|
|||||
| CVE-2025-9201 | 2025-09-15 | N/A | 7.8 HIGH | ||
|
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.
|
|||||
| CVE-2025-9000 | 1 Mechrevo | 1 Control Center Gx V2 | 2025-09-11 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-9016 | 1 Mechrevo | 1 Control Center Gx V2 | 2025-09-11 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-9059 | 2025-09-11 | N/A | N/A | ||
|
The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking.
|
|||||
| CVE-2025-40979 | 2025-09-11 | N/A | N/A | ||
|
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.
|
|||||
| CVE-2025-8614 | 1 Nomachine | 1 Nomachine | 2025-09-10 | N/A | 7.8 HIGH |
|
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulner ...
Show More |
|||||
| CVE-2025-49155 | 1 Trendmicro | 1 Apex One | 2025-09-09 | N/A | 8.8 HIGH |
|
An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.
|
|||||
| CVE-2025-49158 | 1 Trendmicro | 1 Apex One | 2025-09-09 | N/A | 6.7 MEDIUM |
|
An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2024-55955 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | N/A | 6.7 MEDIUM |
|
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2025-9330 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-09-08 | N/A | 7.8 HIGH |
|
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage ...
Show More |
|||||
| CVE-2025-55671 | 2025-09-05 | N/A | 7.8 HIGH | ||
|
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.
|
|||||
| CVE-2024-24916 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-04 | N/A | 6.5 MEDIUM |
|
Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
|
|||||
| CVE-2024-5292 | 1 Dlink | 1 Network Assistant | 2025-09-04 | N/A | 7.8 HIGH |
|
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerabi ...
Show More |
|||||
| CVE-2025-20079 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2025-09-02 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-39284 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2025-09-02 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-28952 | 2 Intel, Microsoft | 3 Integrated Performance Primitives, Oneapi Base Toolkit, Windows | 2025-09-02 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-36245 | 1 Intel | 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler | 2025-09-02 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-6769 | 2025-08-29 | N/A | 6.7 MEDIUM | ||
|
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
|
|||||
| CVE-2023-45320 | 1 Intel | 1 Vtune Profiler | 2025-08-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-9497 | 2025-08-27 | N/A | 8.6 HIGH | ||
|
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
|
|||||
| CVE-2024-21784 | 1 Intel | 2 Integrated Performance Primitives Cryptography, Oneapi Base Toolkit | 2025-08-27 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21772 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2025-08-27 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21831 | 1 Intel | 1 Processor Diagnostic Tool | 2025-08-27 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-32917 | 1 Checkmk | 1 Checkmk | 2025-08-22 | N/A | 8.8 HIGH |
|
Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.
|
|||||
| CVE-2025-2629 | 1 Ni | 1 Labview | 2025-08-18 | N/A | 7.3 HIGH |
|
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
|
|||||
| CVE-2025-2630 | 1 Ni | 1 Labview | 2025-08-18 | N/A | 7.3 HIGH |
|
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
|
|||||
| CVE-2023-44438 | 1 Ashlar | 1 Argon | 2025-08-18 | N/A | 8.8 HIGH |
|
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulne ...
Show More |
|||||
| CVE-2023-44440 | 1 Ashlar | 1 Lithium | 2025-08-18 | N/A | 8.8 HIGH |
|
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this v ...
Show More |
|||||
| CVE-2023-44439 | 1 Ashlar | 1 Xenon | 2025-08-18 | N/A | 8.8 HIGH |
|
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulne ...
Show More |
|||||
| CVE-2024-41739 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2025-08-14 | N/A | 8.8 HIGH |
|
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.
|
|||||
| CVE-2025-2768 | 1 Bdrive | 1 Netdrive | 2025-08-14 | N/A | 7.8 HIGH |
|
Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage ...
Show More |
|||||