Total
951 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30167 | 1 Jupyter | 1 Jupyter Core | 2025-09-08 | N/A | 7.3 HIGH |
| Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). | |||||
| CVE-2025-9330 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-09-08 | N/A | 7.8 HIGH |
| Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Foxit Reader Update Service. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-25709. | |||||
| CVE-2025-55671 | 2025-09-05 | N/A | 7.8 HIGH | ||
| Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program. | |||||
| CVE-2024-24916 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-04 | N/A | 6.5 MEDIUM |
| Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | |||||
| CVE-2024-5292 | 1 Dlink | 1 Network Assistant | 2025-09-04 | N/A | 7.8 HIGH |
| D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426. | |||||
| CVE-2025-8614 | 2025-09-04 | N/A | 7.8 HIGH | ||
| NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-26766. | |||||
| CVE-2025-20079 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2025-09-02 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-39284 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2025-09-02 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28952 | 2 Intel, Microsoft | 3 Integrated Performance Primitives, Oneapi Base Toolkit, Windows | 2025-09-02 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36245 | 1 Intel | 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler | 2025-09-02 | N/A | 6.7 MEDIUM |
| Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-6769 | 2025-08-29 | N/A | 6.7 MEDIUM | ||
| A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. | |||||
| CVE-2023-45320 | 1 Intel | 1 Vtune Profiler | 2025-08-28 | N/A | 6.7 MEDIUM |
| Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-9497 | 2025-08-27 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-21784 | 1 Intel | 2 Integrated Performance Primitives Cryptography, Oneapi Base Toolkit | 2025-08-27 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21772 | 1 Intel | 2 Advisor, Oneapi Base Toolkit | 2025-08-27 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21831 | 1 Intel | 1 Processor Diagnostic Tool | 2025-08-27 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-32917 | 1 Checkmk | 1 Checkmk | 2025-08-22 | N/A | 8.8 HIGH |
| Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. | |||||
| CVE-2025-2629 | 1 Ni | 1 Labview | 2025-08-18 | N/A | 7.3 HIGH |
| There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | |||||
| CVE-2025-2630 | 1 Ni | 1 Labview | 2025-08-18 | N/A | 7.3 HIGH |
| There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | |||||
| CVE-2025-5480 | 1 Action1 | 1 Action1 | 2025-08-18 | N/A | 7.8 HIGH |
| Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767. | |||||