Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11792 | 2 Acronis, Microsoft | 2 Agent, Windows | 2026-03-13 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. | |||||
| CVE-2026-28711 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2026-03-11 | N/A | 6.3 MEDIUM |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | |||||
| CVE-2026-28712 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2026-03-11 | N/A | 6.3 MEDIUM |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | |||||
| CVE-2026-24317 | 2026-03-11 | N/A | 5.0 MEDIUM | ||
| SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's context provided GuiXT is enabled. This vulnerability has a low impact on confidentiality, integrity, and availability. | |||||
| CVE-2026-2713 | 2026-03-11 | N/A | 7.4 HIGH | ||
| IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2026-29610 | 1 Openclaw | 1 Openclaw | 2026-03-11 | N/A | 8.8 HIGH |
| OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution surfaces or those running OpenClaw in attacker-controlled directories can place malicious executables in PATH to override allowlisted safe-bin commands and achieve arbitrary command execution. | |||||
| CVE-2026-3787 | 2 Microsoft, Uvnc | 2 Windows, Ultravnc | 2026-03-10 | 6.0 MEDIUM | 7.0 HIGH |
| A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-30896 | 1 Q-see | 1 Qsee Client | 2026-03-10 | N/A | 7.8 HIGH |
| The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege. | |||||
| CVE-2026-28456 | 1 Openclaw | 1 Openclaw | 2026-03-09 | N/A | 7.2 HIGH |
| OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import(), allowing code execution. An attacker with gateway configuration modification access can load and execute unintended local modules in the Node.js process. | |||||
| CVE-2025-15558 | 2 Docker, Microsoft | 2 Command Line Interface, Windows | 2026-03-09 | N/A | 8.0 HIGH |
| Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code. | |||||
| CVE-2026-24502 | 1 Dell | 1 Command \| Intel Vpro Out Of Band | 2026-03-05 | N/A | 8.8 HIGH |
| Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2026-22270 | 1 Dell | 1 Powerscale Onefs | 2026-03-04 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. | |||||
| CVE-2026-3091 | 1 Synology | 1 Presto Client | 2026-03-04 | N/A | 6.7 MEDIUM |
| An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer. | |||||
| CVE-2026-25129 | 1 Psysh | 1 Psysh | 2026-02-27 | N/A | 6.7 MEDIUM |
| PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a `.psysh.php` file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When the victim runs PsySH with elevated privileges (e.g., root), this results in local privilege escalation. This is a CWD configuration poisoning issue leading to arbitrary code execution in the victim user’s context. If a privileged user (e.g., root, a CI runner, or an ops/debug account) launches PsySH with CWD set to an attacker-writable directory containing a malicious `.psysh.php`, the attacker can execute commands with that privileged user’s permissions, resulting in local privilege escalation. Downstream consumers that embed PsySH inherit this risk. For example, Laravel Tinker (`php artisan tinker`) uses PsySH. If a privileged user runs Tinker while their shell is in an attacker-writable directory, the `.psysh.php` auto-load behavior can be abused in the same way to execute attacker-controlled code under the victim’s privileges. Versions 0.11.23 and 0.12.19 patch the issue. | |||||
| CVE-2026-26097 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | |||||
| CVE-2026-26098 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | |||||
| CVE-2026-26099 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request. | |||||
| CVE-2026-25191 | 2026-02-27 | N/A | 7.8 HIGH | ||
| The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege. | |||||
| CVE-2026-21420 | 1 Dell | 1 Repository Manager | 2026-02-24 | N/A | 7.3 HIGH |
| Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges. | |||||
| CVE-2022-22528 | 2 Microsoft, Sap | 2 Windows, Adaptive Server Enterprise | 2026-02-24 | 4.4 MEDIUM | 7.8 HIGH |
| SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. | |||||