ReportizFlow
Filtered by vendor
Subscriptions
Total
1142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6244 | 1 Sap | 1 Business Client | 2025-05-27 | 7.8 High |
| SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | ||||
| CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-05-27 | 8.8 High |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | ||||
| CVE-2022-32168 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2025-05-21 | 7.8 High |
| Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | ||||
| CVE-2024-7253 | 1 Nomachine | 1 Nomachine | 2025-05-21 | 7.8 High |
| NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039. | ||||
| CVE-2025-43553 | 1 Adobe | 1 Substance 3d Modeler | 2025-05-19 | 7.8 High |
| Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-33921 | 1 Dell | 1 Geodrive | 2025-05-15 | 7 High |
| Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | ||||
| CVE-2023-29444 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2025-05-14 | 6.3 Medium |
| An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution. | ||||
| CVE-2022-41796 | 1 Sony | 1 Content Transfer | 2025-05-07 | 7.8 High |
| Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2018-4938 | 1 Adobe | 1 Coldfusion | 2025-05-06 | 7.8 High |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. | ||||
| CVE-2019-8062 | 1 Adobe | 1 After Effects | 2025-05-05 | 7.8 High |
| Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2022-28696 | 1 Intel | 1 Distribution For Python | 2025-05-05 | 7.8 High |
| Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-25999 | 1 Intel | 1 Enpirion Digital Power Configurator Gui | 2025-05-05 | 7.8 High |
| Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-25841 | 1 Intel | 1 Datacenter Group Event | 2025-05-05 | 7.8 High |
| Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-22139 | 1 Intel | 1 Extreme Tuning Utility | 2025-05-05 | 7.3 High |
| Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-21807 | 1 Intel | 1 Vtune Profiler | 2025-05-05 | 7.8 High |
| Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33101 | 1 Intel | 1 Graphics Performance Analyzers | 2025-05-05 | 7.8 High |
| Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0169 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2025-05-05 | 6.7 Medium |
| Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-34825 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2025-05-01 | 9.8 Critical |
| Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | ||||
| CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2025-05-01 | 7.8 High |
| An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | ||||
| CVE-2022-32222 | 2 Nodejs, Siemens | 2 Node.js, Sinec Ins | 2025-05-01 | 5.3 Medium |
| A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | ||||