Total
1120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9492 | 2026-04-15 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2025-25011 | 2026-04-15 | N/A | 7.0 HIGH | ||
| An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. | |||||
| CVE-2026-2361 | 2026-04-15 | N/A | 8.0 HIGH | ||
| PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions | |||||
| CVE-2025-49148 | 2026-04-15 | N/A | 7.3 HIGH | ||
| ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5. | |||||
| CVE-2024-57963 | 2026-04-15 | N/A | 7.3 HIGH | ||
| Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:. | |||||
| CVE-2024-12530 | 2026-04-15 | N/A | N/A | ||
| Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application. | |||||
| CVE-2024-24852 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-11940 | 2026-04-15 | 6.0 MEDIUM | 7.0 HIGH | ||
| A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component. | |||||
| CVE-2025-35972 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-24923 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-33580 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2025-7472 | 2026-04-15 | N/A | 7.5 HIGH | ||
| A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. | |||||
| CVE-2025-32001 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2024-47800 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-48503 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2026-2538 | 2026-04-15 | 6.0 MEDIUM | 7.0 HIGH | ||
| A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-47795 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-10089 | 2026-04-15 | N/A | 7.7 HIGH | ||
| Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, MILCO.S Easy Setting Application (IR) all versions, and MILCO.S Easy Switch Application (IR) all versions allows a local attacker to execute malicious code by having installer to load a malicious DLL. However, if the signer name "Mitsubishi Electric Lighting" appears on the "Digital Signatures" tab of the properties for "MILCO.S Lighting Control.exe", the application is a fixed one. This vulnerability only affects when the installer is run, not after installation. If a user downloads directly from Mitsubishi Electric website and installs the affected product, there is no risk of malicious code being introduced. | |||||
| CVE-2024-31407 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-52541 | 2026-04-15 | N/A | 7.3 HIGH | ||
| A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||