Total
882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0400 | 2 Microsoft, Trellix | 2 Windows, Data Loss Prevention | 2025-03-26 | 5.9 Medium |
| The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | ||||
| CVE-2024-20366 | 1 Cisco | 1 Network Services Orchestrator | 2025-03-25 | 7.8 High |
| A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device. | ||||
| CVE-2022-31611 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-03-25 | 6.8 Medium |
| NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. | ||||
| CVE-2024-44168 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
| CVE-2022-48077 | 1 Genymotion | 1 Genymotion Desktop | 2025-03-24 | 7.8 High |
| Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | ||||
| CVE-2022-43440 | 1 Checkmk | 1 Checkmk | 2025-03-24 | 8.8 High |
| Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable | ||||
| CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2025-03-18 | 7.8 High |
| Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | ||||
| CVE-2023-26266 | 1 Afl\+\+ Project | 1 Afl\+\+ | 2025-03-14 | 7.3 High |
| In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. | ||||
| CVE-2025-24039 | 2025-03-12 | 7.3 High | ||
| Visual Studio Code Elevation of Privilege Vulnerability | ||||
| CVE-2025-21206 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-03-12 | 7.3 High |
| Visual Studio Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-1804 | 2025-03-07 | 7 High | ||
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | ||||
| CVE-2023-23554 | 1 Sraoss | 1 Pg Ivm | 2025-03-06 | 8.8 High |
| Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | ||||
| CVE-2023-41929 | 1 Samsung | 1 Memory Card \& Ufd Authentication | 2025-03-06 | 7.3 High |
| A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | ||||
| CVE-2023-25147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | 6.7 Medium |
| An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | ||||
| CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | 9.8 Critical |
| An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | ||||
| CVE-2024-55955 | 1 Trendmicro | 1 Deep Security Agent | 2025-03-05 | 6.7 Medium |
| An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-10930 | 2025-03-04 | N/A | ||
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. | ||||
| CVE-2023-6132 | 1 Aveva | 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more | 2025-03-04 | 7.3 High |
| The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | ||||
| CVE-2022-34755 | 1 Schneider-electric | 1 Easergy Builder Installer | 2025-03-03 | 6.3 Medium |
| A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) | ||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2025-03-01 | 7.8 High |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | ||||