ReportizFlow
Filtered by vendor
Subscriptions
Total
1142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10214 | 2 Microsoft, Updf | 2 Windows, Updf | 2026-01-29 | 7.8 High |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10213 | 2 Microsoft, Updf | 2 Windows, Updf | 2026-01-29 | 7.8 High |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-14625 | 3 Altera, Intel, Microsoft | 4 Quartus Prime Lite, Quartus Prime Standard, Quartus Prime and 1 more | 2026-01-29 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. | ||||
| CVE-2025-30167 | 1 Jupyter | 1 Jupyter Core | 2026-01-23 | 7.3 High |
| Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). | ||||
| CVE-2025-65118 | 1 Aveva | 2 Application Server, Process Optimization | 2026-01-22 | 8.8 High |
| The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server. | ||||
| CVE-2025-14406 | 1 Sodapdf | 2 Soda Pdf, Soda Pdf Desktop | 2026-01-21 | N/A |
| Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25793. | ||||
| CVE-2025-10215 | 2 Microsoft, Updf | 2 Windows, Updf | 2026-01-20 | 7.8 High |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2026-01-20 | 7.8 High |
| Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | ||||
| CVE-2025-14405 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | 6.8 Medium |
| PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867. | ||||
| CVE-2023-28745 | 1 Intel | 1 Qsfp\+ Configuration Utility | 2026-01-14 | 6.7 Medium |
| Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-14596 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | ||||
| CVE-2025-14599 | 3 Altera, Intel, Microsoft | 4 Quartus Prime Lite, Quartus Prime Standard, Quartus Prime and 1 more | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. | ||||
| CVE-2025-14605 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. | ||||
| CVE-2025-13670 | 3 Altera, Intel, Microsoft | 3 High Level Synthesis Compiler, High Level Synthesis Compiler, Windows | 2026-01-12 | 6.7 Medium |
| The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability | ||||
| CVE-2025-13669 | 3 Altera, Intel, Microsoft | 3 High Level Synthesis Compiler, High Level Synthesis Compiler, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3. | ||||
| CVE-2025-13664 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Standard, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege. | ||||
| CVE-2025-13665 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Standard, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| The System Console Utility for Windows is vulnerable to a DLL planting vulnerability | ||||
| CVE-2025-13668 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege. | ||||
| CVE-2025-66835 | 1 Trueconf | 1 Trueconf | 2026-01-09 | 7.1 High |
| TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context. | ||||
| CVE-2025-64994 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-09 | 6.5 Medium |
| A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM. | ||||