Total
626 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26198 | 1 Microsoft | 1 Exchange Server | 2025-05-03 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2024-20693 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-05-03 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-31253 | 1 Opensuse | 1 Openldap2 | 2025-05-01 | 7.1 High |
| A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1. | ||||
| CVE-2023-23920 | 3 Debian, Nodejs, Redhat | 5 Debian Linux, Node.js, Enterprise Linux and 2 more | 2025-04-30 | 4.2 Medium |
| An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | ||||
| CVE-2021-21055 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2025-04-23 | 6.2 Medium |
| Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure. | ||||
| CVE-2021-21078 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2025-04-23 | 6.5 Medium |
| Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction | ||||
| CVE-2022-24826 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2025-04-23 | 9.8 Critical |
| On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended program is not found in any directory listed in `PATH`. The vulnerability occurs because when Git LFS detects that the program it intends to run does not exist in any directory listed in `PATH` then Git LFS passes an empty string as the executable file path to the Go `os/exec` package, which contains a bug such that, on Windows, it prepends the name of the current working directory (i.e., `.`) to the empty string without adding a path separator, and as a result searches in that directory for a file with the base name `.` combined with any file extension from `PATHEXT`, executing the first one it finds. (The reason `..bat` and `..cmd` files are not executed in the same manner is that, although the Go `os/exec` package tries to execute them just as it does a `..exe` file, the Microsoft Win32 API `CreateProcess()` family of functions have an undocumented feature in that they apparently recognize when a caller is attempting to execute a batch script file and instead run the `cmd.exe` command interpreter, passing the full set of command line arguments as parameters. These are unchanged from the command line arguments set by Git LFS, and as such, the intended program's name is the first, resulting in a command line like `cmd.exe /c git`, which then fails.) Git LFS has resolved this vulnerability by always reporting an error when a program is not found in any directory listed in `PATH` rather than passing an empty string to the Go `os/exec` package in this case. The bug in the Go `os/exec` package has been reported to the Go project and is expected to be patched after this security advisory is published. The problem was introduced in version 2.12.1 and is patched in version 3.1.3. Users of affected versions should upgrade to version 3.1.3. There are currently no known workarounds at this time. | ||||
| CVE-2022-31012 | 1 Gitforwindows | 1 Git | 2025-04-23 | 8.2 High |
| Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`. | ||||
| CVE-2022-36070 | 2 Microsoft, Python-poetry | 2 Windows, Poetry | 2025-04-23 | 7.3 High |
| Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. | ||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2025-04-23 | 8.4 High |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | ||||
| CVE-2024-58250 | 2025-04-23 | 9.3 Critical | ||
| The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. | ||||
| CVE-2017-2225 | 1 Mext | 1 Ebidsettingchecker | 2025-04-20 | N/A |
| Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-12414 | 1 Pcfreetime | 1 Format Factory | 2025-04-20 | N/A |
| Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll. | ||||
| CVE-2017-2227 | 1 Charamin | 1 Omp | 2025-04-20 | N/A |
| Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-11657 | 1 Dashlane | 1 Dashlane | 2025-04-20 | 7.3 High |
| Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | ||||
| CVE-2017-16690 | 1 Sap | 1 Plant Connectivity | 2025-04-20 | N/A |
| A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. | ||||
| CVE-2017-2266 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-1144 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | N/A |
| IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | ||||
| CVE-2017-11158 | 2 Microsoft, Synology | 2 Windows, Cloud Station Drive | 2025-04-20 | N/A |
| Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | ||||
| CVE-2017-2219 | 1 Baidu | 1 Simeji | 2025-04-20 | N/A |
| Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||