ReportizFlow
Filtered by vendor
Subscriptions
Total
1142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33231 | 2 Microsoft, Nvidia | 2 Windows, Cuda Toolkit | 2026-02-26 | 6.7 Medium |
| NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure. | ||||
| CVE-2022-22528 | 2 Microsoft, Sap | 2 Windows, Adaptive Server Enterprise | 2026-02-24 | 7.8 High |
| SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. | ||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2026-02-23 | 8.8 High |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | ||||
| CVE-2025-30399 | 4 Apple, Linux, Microsoft and 1 more | 8 Macos, Linux Kernel, .net and 5 more | 2026-02-20 | 7.5 High |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-5471 | 2 Apple, Yandex | 2 Macos, Yandex Telemost | 2026-02-19 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1. | ||||
| CVE-2025-53000 | 2 Jupyter, Microsoft | 2 Nbconvert, Windows | 2026-02-18 | 7.8 High |
| The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0. | ||||
| CVE-2025-67450 | 1 Eaton | 1 Ups Companion | 2026-02-18 | 7.8 High |
| Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | ||||
| CVE-2025-59887 | 1 Eaton | 1 Ups Companion | 2026-02-18 | 8.6 High |
| Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | ||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2026-02-13 | 7.3 High |
| Visual Studio Code Elevation of Privilege Vulnerability | ||||
| CVE-2025-21206 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Visual Studio Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25003 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24998 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29802 | 1 Microsoft | 1 Visual Studio 2022 | 2026-02-13 | 7.3 High |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29803 | 1 Microsoft | 7 .vsta Sdk, Sql Server Management Studio, Visual Studio Tools For Applications and 4 more | 2026-02-13 | 7.3 High |
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2026-02-13 | 5.7 Medium |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||||
| CVE-2023-22841 | 1 Intel | 2 C621a, Server Firmware Update Utility | 2026-02-10 | 6.7 Medium |
| Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-10930 | 1 Carrier | 1 Block Load | 2026-02-05 | 7.8 High |
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. | ||||
| CVE-2025-33208 | 2 Canonical, Nvidia | 3 Ubuntu Linux, Tao, Tao Toolkit | 2026-01-30 | 8.8 High |
| NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure. | ||||
| CVE-2025-57836 | 2 Microsoft, Samsung | 2 Windows, Magician | 2026-01-30 | 7.8 High |
| An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. | ||||