Total
1085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33578 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2025-57624 | 2026-04-15 | N/A | 7.8 HIGH | ||
| A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. | |||||
| CVE-2025-31647 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-20092 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2026-0776 | 2026-04-15 | N/A | 7.3 HIGH | ||
| Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the discord_rpc module. The product loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27057. | |||||
| CVE-2025-64772 | 2026-04-15 | N/A | 7.8 HIGH | ||
| The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | |||||
| CVE-2025-32780 | 2026-04-15 | N/A | 7.3 HIGH | ||
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. | |||||
| CVE-2025-21093 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-5470 | 2026-04-15 | N/A | N/A | ||
| Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275. | |||||
| CVE-2024-48091 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | |||||
| CVE-2025-71178 | 2026-04-15 | N/A | N/A | ||
| Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges. | |||||
| CVE-2024-38387 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-10939 | 2026-04-15 | N/A | 3.7 LOW | ||
| A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to /realms which is expected to be exposed. | |||||
| CVE-2025-5469 | 2026-04-15 | N/A | N/A | ||
| Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245 | |||||
| CVE-2023-39929 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21769 | 2026-04-15 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-10068 | 2026-04-15 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-56383 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users. | |||||
| CVE-2024-29734 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |||||
| CVE-2025-14498 | 2026-04-15 | N/A | 7.8 HIGH | ||
| TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the Electron framework. The product loads a script file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27395. | |||||