Total
567 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12168 | 2025-06-02 | N/A | N/A | ||
| Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used. | |||||
| CVE-2025-2501 | 2025-06-02 | N/A | 7.8 HIGH | ||
| An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||||
| CVE-2024-28060 | 2025-05-30 | N/A | 7.3 HIGH | ||
| An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed. | |||||
| CVE-2025-4971 | 2025-05-21 | N/A | N/A | ||
| Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. | |||||
| CVE-2025-4769 | 2025-05-16 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. | |||||
| CVE-2021-3305 | 1 Feishu | 1 Feishu | 2025-05-13 | N/A | 7.8 HIGH |
| Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. | |||||
| CVE-2025-4455 | 2025-05-12 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4532 | 2025-05-12 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-38060 | 1 Openstack | 1 Kolla | 2025-05-07 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. | |||||
| CVE-2025-4272 | 2025-05-05 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2025-05-05 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2025-05-05 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2024-58250 | 2025-04-23 | N/A | 9.3 CRITICAL | ||
| The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. | |||||
| CVE-2017-2209 | 1 Santeikohyo | 1 Installer Of Houkokusyo Sakusei Shien Tool | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2188 | 1 Maff | 1 Denshinouhin Check System | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-8746 | 1 Apache | 1 Ranger | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | |||||
| CVE-2017-17809 | 1 Goldenfrog | 1 Vyprvpn | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | |||||
| CVE-2015-3887 | 1 Proxychains-ng Project | 1 Proxychains-ng | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path. | |||||
| CVE-2017-10829 | 1 Ntt | 1 Enkaku Support Tool | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-6803 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. | |||||