Total
926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36004 | 1 Ibm | 1 I | 2025-07-03 | 8.8 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-33122 | 1 Ibm | 1 I | 2025-07-03 | 7.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2024-55898 | 1 Ibm | 1 I | 2025-07-03 | 8.5 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2024-48992 | 1 Needrestart Project | 1 Needrestart | 2025-07-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. | ||||
| CVE-2024-48990 | 1 Needrestart Project | 1 Needrestart | 2025-07-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. | ||||
| CVE-2025-32463 | 2025-07-03 | 9.3 Critical | ||
| Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | ||||
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2025-07-03 | 7.3 High |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | 7.3 High |
| Visual Studio Code Elevation of Privilege Vulnerability | ||||
| CVE-2025-4525 | 2 Discord, Microsoft | 2 Discord, Windows | 2025-07-01 | 7 High |
| A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-24998 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25003 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49144 | 2025-07-01 | 7.3 High | ||
| Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2. | ||||
| CVE-2024-28099 | 1 Keyence | 1 Vt Studio | 2025-06-30 | 7.8 High |
| VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
| CVE-2024-24916 | 2025-06-23 | 6.5 Medium | ||
| Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | ||||
| CVE-2025-4981 | 2025-06-23 | 9.9 Critical | ||
| Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default. | ||||
| CVE-2023-27859 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-06-20 | 6.5 Medium |
| IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. | ||||
| CVE-2025-30399 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-06-20 | 7.5 High |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-5981 | 2025-06-18 | N/A | ||
| Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images. | ||||
| CVE-2023-32272 | 1 Intel | 1 Nuc Pro Software Suite | 2025-06-17 | 7.9 High |
| Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-29445 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2025-06-17 | 7.8 High |
| An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | ||||