Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2025-07-03 | N/A | 7.3 HIGH |
|
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | N/A | 7.3 HIGH |
|
Visual Studio Code Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-4525 | 2 Discord, Microsoft | 2 Discord, Windows | 2025-07-01 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in an ...
|
|||||
| CVE-2025-24998 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | N/A | 7.3 HIGH |
|
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-25003 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | N/A | 7.3 HIGH |
|
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2024-28099 | 1 Keyence | 1 Vt Studio | 2025-06-30 | N/A | 7.8 HIGH |
|
VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.
|
|||||
| CVE-2023-27859 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-06-20 | N/A | 6.5 MEDIUM |
|
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
|
|||||
| CVE-2025-5129 | 1 Sangfor | 1 Atrust | 2025-06-17 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not re ...
|
|||||
| CVE-2024-47196 | 1 Siemens | 2 Modelsim, Questa | 2025-06-17 | N/A | 6.7 MEDIUM |
|
A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.
|
|||||
| CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
|
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
|
|||||
| CVE-2025-49148 | | | 2025-06-12 | N/A | 7.3 HIGH |
|
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or an ...
|
|||||
| CVE-2024-33672 | 1 Veritas | 1 Netbackup | 2025-06-10 | N/A | 7.7 HIGH |
|
An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files.
|
|||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2025-06-04 | N/A | 7.8 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938.
|
|||||
| CVE-2025-5180 | 2 Microsoft, Wondershare | 2 Windows, Filmora | 2025-06-03 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early a ...
|
|||||
| CVE-2025-27997 | 1 Blizzard | 1 Battle.net | 2025-06-03 | N/A | 8.4 HIGH |
|
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
|
|||||
| CVE-2023-51711 | 1 Regify | 1 Regipay | 2025-05-30 | N/A | 7.8 HIGH |
|
An issue discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.
|
|||||
| CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus \+ Security and 3 more | 2025-05-29 | N/A | 7.8 HIGH |
|
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.
|
|||||
| CVE-2020-6244 | 1 Sap | 1 Business Client | 2025-05-27 | 4.4 MEDIUM | 7.8 HIGH |
|
SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application.
|
|||||
| CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-05-27 | N/A | 8.8 HIGH |
|
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
|
|||||
| CVE-2025-2272 | | | 2025-05-23 | N/A | 7.0 HIGH |
|
Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process. This issue affects FIE Endpoint: before 25.05.
|
|||||
| CVE-2024-13946 | | | 2025-05-23 | N/A | 6.8 MEDIUM |
|
DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
|
|||||
| CVE-2022-32168 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2025-05-21 | N/A | 7.8 HIGH |
|
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
|
|||||
| CVE-2024-7253 | 1 Nomachine | 1 Nomachine | 2025-05-21 | N/A | 7.8 HIGH |
|
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and exec ...
|
|||||
| CVE-2025-43553 | 1 Adobe | 1 Substance 3d Modeler | 2025-05-19 | N/A | 7.8 HIGH |
|
Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a m ...
|
|||||
| CVE-2025-22458 | 1 Ivanti | 1 Endpoint Manager | 2025-05-17 | N/A | 7.8 HIGH |
|
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
|
|||||
| CVE-2023-31358 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | N/A | 7.3 HIGH |
|
A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
|
|||||
| CVE-2025-20015 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-21099 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-46895 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-31073 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-20108 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-39833 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-47795 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-47800 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-20043 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-20041 | | | 2025-05-16 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-4769 | | | 2025-05-16 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult.
|
|||||
| CVE-2025-4455 | | | 2025-05-12 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the atta ...
|
|||||
| CVE-2025-4532 | | | 2025-05-12 | 6.0 MEDIUM | 7.0 HIGH |
|
A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early abou ...
|
|||||
| CVE-2022-41796 | 1 Sony | 1 Content Transfer | 2025-05-07 | N/A | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||