Vulnerabilities (CVE)

Filtered by CWE-426
Total 554 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5335 1 Autodesk 1 Installer 2025-08-19 N/A 7.8 HIGH
A maliciously crafted binary file, when downloaded, could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.
CVE-2025-5039 1 Autodesk 6 Infrastructure Parts Editor, Inventor, Navisworks Manage and 3 more 2025-08-19 N/A 7.8 HIGH
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
CVE-2024-7995 1 Autodesk 1 Vred 2025-08-18 N/A 7.8 HIGH
A maliciously crafted binary file, when downloaded, could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.
CVE-2025-23266 2025-08-16 N/A 9.0 CRITICAL
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
CVE-2025-9016 2025-08-15 6.0 MEDIUM 7.0 HIGH
A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2025-9000 2025-08-15 6.0 MEDIUM 7.0 HIGH
A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2025-49456 2025-08-13 N/A 6.2 MEDIUM
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.
CVE-2025-49457 2025-08-13 N/A 9.6 CRITICAL
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVE-2024-13158 1 Ivanti 1 Endpoint Manager 2025-08-12 N/A 7.2 HIGH
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2025-49124 1 Apache 1 Tomcat 2025-08-08 N/A 8.4 HIGH
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
CVE-2025-27743 1 Microsoft 5 System Center Data Protection Manager, System Center Operations Manager, System Center Orchestrator and 2 more 2025-07-10 N/A 7.8 HIGH
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
CVE-2025-30399 3 Apple, Linux, Microsoft 6 Macos, Linux Kernel, .net and 3 more 2025-07-10 N/A 7.5 HIGH
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2025-0141 2025-07-10 N/A N/A
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
CVE-2025-4540 2 Lodop, Microsoft 2 C-lodop, Windows 2025-07-08 6.0 MEDIUM 7.0 HIGH
A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-4539 1 Todesk 1 Todesk 2025-07-08 6.0 MEDIUM 7.0 HIGH
A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-50986 1 Clementine-player 1 Clementine 2025-07-07 N/A 7.3 HIGH
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
CVE-2025-21399 1 Microsoft 1 Edge Update 2025-07-03 N/A 7.4 HIGH
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
CVE-2024-45207 1 Veeam 1 Veeam Agent For Windows 2025-07-02 N/A 7.0 HIGH
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services.
CVE-2025-4525 2 Discord, Microsoft 2 Discord, Windows 2025-07-01 6.0 MEDIUM 7.0 HIGH
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-21365 1 Microsoft 2 365 Apps, Office Long Term Servicing Channel 2025-07-01 N/A 7.8 HIGH
Microsoft Office Remote Code Execution Vulnerability