Total
863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0457 | 1 Opera | 1 Opera Browser | 2025-04-03 | 7.2 HIGH | N/A |
| Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. | |||||
| CVE-2020-5419 | 2 Broadcom, Pivotal Software | 2 Rabbitmq Server, Rabbitmq | 2025-04-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. | |||||
| CVE-2025-30673 | 2025-04-01 | N/A | 6.5 MEDIUM | ||
| Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672 | |||||
| CVE-2025-30672 | 2025-04-01 | N/A | 6.5 MEDIUM | ||
| Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite. | |||||
| CVE-2025-3051 | 2025-04-01 | N/A | 6.5 MEDIUM | ||
| Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672 | |||||
| CVE-2022-47632 | 2 Microsoft, Razer | 2 Windows, Synapse | 2025-03-28 | N/A | 6.8 MEDIUM |
| Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. | |||||
| CVE-2023-42920 | 2 Apple, Claris | 3 Macos, Claris Pro, Filemaker Pro | 2025-03-26 | N/A | 7.8 HIGH |
| Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. | |||||
| CVE-2020-23438 | 1 Wondershare | 1 Filmora | 2025-03-26 | N/A | 7.8 HIGH |
| Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation. | |||||
| CVE-2024-20366 | 1 Cisco | 1 Network Services Orchestrator | 2025-03-25 | N/A | 7.8 HIGH |
| A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device. | |||||
| CVE-2024-44168 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
| A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | |||||
| CVE-2022-48077 | 1 Genymotion | 1 Genymotion Desktop | 2025-03-24 | N/A | 7.8 HIGH |
| Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | |||||
| CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2025-03-18 | N/A | 7.8 HIGH |
| Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | |||||
| CVE-2023-26266 | 1 Afl\+\+ Project | 1 Afl\+\+ | 2025-03-14 | N/A | 7.3 HIGH |
| In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. | |||||
| CVE-2025-26631 | 2025-03-11 | N/A | 7.3 HIGH | ||
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-25003 | 2025-03-11 | N/A | 7.3 HIGH | ||
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24998 | 2025-03-11 | N/A | 7.3 HIGH | ||
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-1804 | 2025-03-07 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | |||||
| CVE-2023-23554 | 1 Sraoss | 1 Pg Ivm | 2025-03-06 | N/A | 8.8 HIGH |
| Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | |||||
| CVE-2023-41929 | 1 Samsung | 1 Memory Card \& Ufd Authentication | 2025-03-06 | N/A | 7.3 HIGH |
| A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | |||||
| CVE-2023-25147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 6.7 MEDIUM |
| An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | |||||