Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30330 | 1 Softexpert | 1 Excellence Suite | 2025-01-24 | N/A | 9.8 CRITICAL |
| SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | |||||
| CVE-2023-29790 | 1 Kodcloud | 1 Kodbox | 2025-01-24 | N/A | 7.5 HIGH |
| kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | |||||
| CVE-2024-28133 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 7.8 HIGH |
| A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. | |||||
| CVE-2024-13524 | 2025-01-20 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise". | |||||
| CVE-2025-0567 | 2025-01-19 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. | |||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 7.8 HIGH |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | |||||
| CVE-2025-0459 | 2025-01-14 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7886 | 2025-01-10 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it. | |||||
| CVE-2024-20693 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21435 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-12-27 | N/A | 8.8 HIGH |
| Windows OLE Remote Code Execution Vulnerability | |||||
| CVE-2024-20754 | 2 Adobe, Apple | 2 Lightroom, Macos | 2024-12-12 | N/A | 7.8 HIGH |
| Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-26198 | 1 Microsoft | 1 Exchange Server | 2024-12-06 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2024-34123 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-12-03 | N/A | 7.0 HIGH |
| Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, attack complexity is high. | |||||
| CVE-2024-38305 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-25 | N/A | 7.3 HIGH |
| Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | |||||
| CVE-2024-6080 | 1 Intelbras | 1 Incontrol | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks. | |||||
| CVE-2024-38462 | 1 Irods | 1 Irods | 2024-11-21 | N/A | 9.8 CRITICAL |
| iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. | |||||
| CVE-2024-32019 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-30100 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-27303 | 2024-11-21 | N/A | 7.3 HIGH | ||
| electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | |||||
| CVE-2024-25103 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system. | |||||