ReportizFlow
Filtered by vendor
Subscriptions
Total
586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3220 | 1 Python | 1 Cpython | 2025-07-14 | 4.6 Medium |
| There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations. | ||||
| CVE-2025-0733 | 1 Postman | 1 Postman | 2025-07-13 | 4.5 Medium |
| A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1398 | 1 Mattermost | 2 Mattermost, Mattermost Desktop | 2025-07-13 | 3.3 Low |
| Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection. | ||||
| CVE-2025-1804 | 1 Blizzard | 1 Battle.net | 2025-07-13 | 7 High |
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | ||||
| CVE-2024-53866 | 1 Pnpm | 1 Pnpm | 2025-07-13 | N/A |
| The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data (including on first lockfile generation). This can make workspace A (even running with `ignore-scripts=true`) posion global cache and execute scripts in workspace B. Users generally expect `ignore-scripts` to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken. Global state integrity is lost via operations that one would expect to be secure, enabling subsequently running arbitrary code execution on installs. Version 9.15.0 fixes the issue. As a work-around, use separate cache and store dirs in each workspace. | ||||
| CVE-2024-32019 | 1 Netdata | 1 Netdata | 2025-07-13 | 8.8 High |
| Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-0459 | 1 Libretro | 1 Retroarch | 2025-07-12 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0732 | 1 Discord | 1 Discord | 2025-07-12 | 4.5 Medium |
| A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-30399 | 4 Apple, Linux, Microsoft and 1 more | 8 Macos, Linux Kernel, .net and 5 more | 2025-07-11 | 7.5 High |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-27743 | 1 Microsoft | 5 System Center Data Protection Manager, System Center Operations Manager, System Center Orchestrator and 2 more | 2025-07-10 | 7.8 High |
| Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-4540 | 2 Lodop, Microsoft | 2 C-lodop, Windows | 2025-07-08 | 7 High |
| A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 6.6.13 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-4539 | 1 Todesk | 1 Todesk | 2025-07-08 | 7 High |
| A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-49043 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-07-08 | 7.8 High |
| Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | ||||
| CVE-2024-43616 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-08 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-43576 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-08 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-50986 | 1 Clementine-player | 1 Clementine | 2025-07-07 | 7.3 High |
| An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. | ||||
| CVE-2025-21399 | 1 Microsoft | 2 Edge, Edge Update | 2025-07-03 | 7.4 High |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | ||||
| CVE-2024-45207 | 1 Veeam | 2 Agent, Veeam Agent For Windows | 2025-07-02 | N/A |
| DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | ||||
| CVE-2025-4525 | 2 Discord, Microsoft | 2 Discord, Windows | 2025-07-01 | 7 High |
| A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-21365 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-01 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||