Vulnerabilities (CVE)

Filtered by CWE-427
Total 1013 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-11761 1 Hp 1 Client Management Script Library 2026-01-21 N/A 7.8 HIGH
A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
CVE-2025-10215 1 Updf 1 Updf 2026-01-20 N/A 7.8 HIGH
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.
CVE-2025-10198 2 Lizardbyte, Microsoft 2 Sunshine, Windows 2026-01-20 N/A 7.8 HIGH
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.
CVE-2025-14405 1 Pdfsam 1 Enhanced 2026-01-15 N/A 6.8 MEDIUM
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867.
CVE-2023-53937 1 Hubstaff 1 Hubstaff 2026-01-14 N/A 7.8 HIGH
Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.
CVE-2022-50808 2026-01-14 N/A 8.4 HIGH
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot.
CVE-2025-14596 2 Intel, Microsoft 2 Quartus Prime, Windows 2026-01-12 N/A 6.7 MEDIUM
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
CVE-2025-14599 2 Intel, Microsoft 2 Quartus Prime, Windows 2026-01-12 N/A 6.7 MEDIUM
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
CVE-2025-14605 2 Intel, Microsoft 2 Quartus Prime, Windows 2026-01-12 N/A 6.7 MEDIUM
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
CVE-2025-13670 2 Intel, Microsoft 2 High Level Synthesis Compiler, Windows 2026-01-12 N/A 6.7 MEDIUM
The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability.
CVE-2025-13669 2 Intel, Microsoft 2 High Level Synthesis Compiler, Windows 2026-01-12 N/A 6.7 MEDIUM
Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking. This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.
CVE-2025-13664 2 Intel, Microsoft 2 Quartus Prime, Windows 2026-01-12 N/A 6.7 MEDIUM
A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.
CVE-2025-13665 2 Intel, Microsoft 2 Quartus Prime, Windows 2026-01-12 N/A 6.7 MEDIUM
The System Console Utility for Windows is vulnerable to a DLL planting vulnerability.
CVE-2025-13668 2 Intel, Microsoft 2 Quartus Prime, Windows 2026-01-12 N/A 6.7 MEDIUM
A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
CVE-2025-66835 1 Trueconf 1 Trueconf 2026-01-09 N/A 7.1 HIGH
TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.
CVE-2024-9852 2026-01-09 N/A 7.8 HIGH
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclosure of, tampering with, destruction of, or deletion of information in the affected products, or cause a denial of service (DoS) condition on the products.
CVE-2024-8299 2026-01-09 N/A 7.8 HIGH
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclosure of, tampering with, destruction of, or deletion of information in the affected products, or cause a denial of service (DoS) condition on the products.
CVE-2025-64994 1 Teamviewer 1 Digital Employee Experience 2026-01-09 N/A 6.5 MEDIUM
A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior to V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM.
CVE-2025-64995 1 Teamviewer 1 Digital Employee Experience 2026-01-09 N/A 6.5 MEDIUM
A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges.
CVE-2026-21427 2026-01-08 N/A 7.8 HIGH
The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.