Total
1120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23177 | 2026-04-15 | N/A | 7.6 HIGH | ||
| CWE-427: Uncontrolled Search Path Element | |||||
| CVE-2024-21841 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-32452 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-1729 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. | |||||
| CVE-2025-20043 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-9164 | 2026-04-15 | N/A | N/A | ||
| Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0. | |||||
| CVE-2026-21408 | 2026-04-15 | N/A | 7.3 HIGH | ||
| beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges. | |||||
| CVE-2024-34028 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-59889 | 2026-04-15 | N/A | 8.6 HIGH | ||
| Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center. | |||||
| CVE-2023-40155 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20041 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-11859 | 2026-04-15 | N/A | N/A | ||
| DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | |||||
| CVE-2019-25268 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code. | |||||
| CVE-2025-13152 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | |||||
| CVE-2024-21818 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2026-2492 | 2026-04-15 | N/A | 7.0 HIGH | ||
| TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25480. | |||||
| CVE-2024-9491 | 2026-04-15 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2025-23309 | 2026-04-15 | N/A | 8.2 HIGH | ||
| NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering. | |||||
| CVE-2024-57426 | 2026-04-15 | N/A | 7.3 HIGH | ||
| NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries. | |||||
| CVE-2025-26860 | 2026-04-15 | N/A | 7.8 HIGH | ||
| RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution. | |||||