Total
1120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13976 | 2026-04-15 | N/A | N/A | ||
| A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, and 11.36.15. | |||||
| CVE-2024-36283 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-60749 | 2026-04-15 | N/A | 7.8 HIGH | ||
| DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe. | |||||
| CVE-2025-25059 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-30182 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-30506 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2026-25191 | 2026-04-15 | N/A | 7.8 HIGH | ||
| The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege. | |||||
| CVE-2024-9495 | 2026-04-15 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-39833 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-1804 | 2026-04-15 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | |||||
| CVE-2024-37024 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-1700 | 2026-04-15 | N/A | 7.0 HIGH | ||
| A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. | |||||
| CVE-2025-34109 | 2026-04-15 | N/A | N/A | ||
| PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2). | |||||
| CVE-2024-36291 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-7676 | 2026-04-15 | N/A | N/A | ||
| DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs. | |||||
| CVE-2024-21774 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31361 | 2026-04-15 | N/A | 7.3 HIGH | ||
| A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2023-51710 | 2026-04-15 | N/A | 4.2 MEDIUM | ||
| EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | |||||
| CVE-2025-26624 | 2026-04-15 | N/A | N/A | ||
| Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-34164 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||