Total
832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26266 | 1 Afl\+\+ Project | 1 Afl\+\+ | 2025-03-14 | N/A | 7.3 HIGH |
| In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. | |||||
| CVE-2025-26631 | 2025-03-11 | N/A | 7.3 HIGH | ||
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-25003 | 2025-03-11 | N/A | 7.3 HIGH | ||
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24998 | 2025-03-11 | N/A | 7.3 HIGH | ||
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-1804 | 2025-03-07 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | |||||
| CVE-2023-23554 | 1 Sraoss | 1 Pg Ivm | 2025-03-06 | N/A | 8.8 HIGH |
| Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | |||||
| CVE-2023-41929 | 1 Samsung | 1 Memory Card \& Ufd Authentication | 2025-03-06 | N/A | 7.3 HIGH |
| A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | |||||
| CVE-2023-25147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 6.7 MEDIUM |
| An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | |||||
| CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 9.8 CRITICAL |
| An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
| CVE-2024-10930 | 2025-03-04 | N/A | N/A | ||
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. | |||||
| CVE-2025-21206 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-02-28 | N/A | 7.3 HIGH |
| Visual Studio Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-24578 | 1 Mcafee | 1 Total Protection | 2025-02-27 | N/A | 5.5 MEDIUM |
| McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. | |||||
| CVE-2022-4313 | 1 Tenable | 2 Nessus, Plugin Feed | 2025-02-27 | N/A | 8.8 HIGH |
| A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. | |||||
| CVE-2022-48422 | 2 Linux, Onlyoffice | 2 Linux Kernel, Document Server | 2025-02-27 | N/A | 7.8 HIGH |
| ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | |||||
| CVE-2021-31637 | 1 Uwamp Project | 1 Uwamp | 2025-02-26 | N/A | 7.8 HIGH |
| An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL. | |||||
| CVE-2023-28759 | 1 Veritas | 1 Netbackup | 2025-02-25 | N/A | 7.8 HIGH |
| An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. | |||||
| CVE-2022-26374 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH |
| Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-3433 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-02-24 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. | |||||
| CVE-2020-3153 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-02-24 | 4.9 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | |||||
| CVE-2022-28339 | 2025-02-24 | N/A | 7.3 HIGH | ||
| Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges. | |||||