Total
1123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41817 | 2 Imagemagick, Linux | 2 Imagemagick, Linux Kernel | 2025-11-20 | N/A | 7.0 HIGH |
| ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. | |||||
| CVE-2025-5480 | 2 Action1, Microsoft | 2 Agent, Windows | 2025-11-19 | N/A | 7.8 HIGH |
| Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767. | |||||
| CVE-2024-48992 | 1 Needrestart Project | 1 Needrestart | 2025-11-03 | N/A | 7.8 HIGH |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. | |||||
| CVE-2024-48990 | 1 Needrestart Project | 1 Needrestart | 2025-11-03 | N/A | 7.8 HIGH |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. | |||||
| CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | |||||
| CVE-2025-1131 | 1 Sangoma | 2 Asterisk, Certified Asterisk | 2025-11-03 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart. | |||||
| CVE-2024-42190 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 6.5 MEDIUM |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | |||||
| CVE-2024-42191 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 6.5 MEDIUM |
| HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. | |||||
| CVE-2020-3433 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-10-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. | |||||
| CVE-2020-3153 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-10-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | |||||
| CVE-2025-23355 | 2 Microsoft, Nvidia | 2 Windows, Nsight Graphics | 2025-10-22 | N/A | 6.7 MEDIUM |
| NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service. | |||||
| CVE-2025-57716 | 1 Fortinet | 1 Forticlient | 2025-10-15 | N/A | 6.7 MEDIUM |
| An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder. | |||||
| CVE-2025-62185 | 1 Ankitects | 1 Anki | 2025-10-10 | N/A | 6.7 MEDIUM |
| In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe. | |||||
| CVE-2025-49487 | 2 Microsoft, Trendmicro | 2 Windows, Worry-free Business Security Services | 2025-10-09 | N/A | 6.8 MEDIUM |
| An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | |||||
| CVE-2025-59684 | 1 Digisign | 1 Digisigner One | 2025-10-08 | N/A | 8.8 HIGH |
| DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking. | |||||
| CVE-2024-53977 | 1 Siemens | 2 Modelsim, Questa | 2025-09-25 | N/A | 6.7 MEDIUM |
| A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory. | |||||
| CVE-2025-35471 | 2 Conda-forge, Microsoft | 3 Miniforge, Openssl-feedstock, Windows | 2025-09-23 | N/A | 7.3 HIGH |
| conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected. | |||||
| CVE-2025-8614 | 1 Nomachine | 1 Nomachine | 2025-09-10 | N/A | 7.8 HIGH |
| NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-26766. | |||||
| CVE-2025-49155 | 1 Trendmicro | 1 Apex One | 2025-09-09 | N/A | 8.8 HIGH |
| An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations. | |||||
| CVE-2025-49158 | 1 Trendmicro | 1 Apex One | 2025-09-09 | N/A | 6.7 MEDIUM |
| An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||