Total
1085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21843 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20065 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-12046 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions. | |||||
| CVE-2024-33582 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-33579 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-34016 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | |||||
| CVE-2024-7886 | 2026-04-15 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it. | |||||
| CVE-2025-23358 | 2026-04-15 | N/A | 8.2 HIGH | ||
| NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges. | |||||
| CVE-2024-26017 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-30033 | 2026-04-15 | N/A | 7.8 HIGH | ||
| The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. | |||||
| CVE-2025-30673 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672 | |||||
| CVE-2024-42405 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-30672 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite. | |||||
| CVE-2025-22838 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-62776 | 2026-04-15 | N/A | 7.8 HIGH | ||
| The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |||||
| CVE-2024-39372 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-34167 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-2207 | 2026-04-15 | N/A | 6.0 MEDIUM | ||
| Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities. | |||||
| CVE-2024-35245 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-40979 | 2026-04-15 | N/A | N/A | ||
| DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions. | |||||