Filtered by CWE-427
Filtered by vendor Subscriptions
Total 932 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20338 2 Cisco, Linux 2 Secure Client, Linux Kernel 2025-07-22 7.3 High
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.
CVE-2025-32463 6 Canonical, Debian, Opensuse and 3 more 8 Ubuntu Linux, Debian Linux, Leap and 5 more 2025-07-22 9.3 Critical
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVE-2025-7427 2025-07-22 N/A
Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio.
CVE-2025-1700 2025-07-21 7 High
A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.
CVE-2025-7472 2025-07-18 7.5 High
A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.
CVE-2025-1729 2025-07-18 6.7 Medium
A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.
CVE-2025-34109 2025-07-17 N/A
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
CVE-2025-48496 1 Emerson 1 Valvelink 2025-07-15 5.1 Medium
Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2025-30399 4 Apple, Linux, Microsoft and 1 more 8 Macos, Linux Kernel, .net and 5 more 2025-07-11 7.5 High
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2025-29802 1 Microsoft 1 Visual Studio 2022 2025-07-10 7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29803 1 Microsoft 5 Sql Server Management Studio, Visual Studio Tools For Applications 2019, Visual Studio Tools For Applications 2019 Sdk and 2 more 2025-07-10 7.3 High
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-4981 1 Mattermost 2 Mattermost, Mattermost Server 2025-07-08 9.9 Critical
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.
CVE-2025-4539 1 Todesk 1 Todesk 2025-07-08 7 High
A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-29817 1 Microsoft 1 Power Automate For Desktop 2025-07-08 5.7 Medium
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2025-36004 1 Ibm 1 I 2025-07-03 8.8 High
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-33122 1 Ibm 1 I 2025-07-03 7.5 High
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2024-55898 1 Ibm 1 I 2025-07-03 8.5 High
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2024-48992 1 Needrestart Project 1 Needrestart 2025-07-03 7.8 High
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
CVE-2024-48990 1 Needrestart Project 1 Needrestart 2025-07-03 7.8 High
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
CVE-2025-26631 1 Microsoft 1 Visual Studio Code 2025-07-03 7.3 High
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.