ReportizFlow
Filtered by vendor
Subscriptions
Total
1140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2516 | 1 Unidocs | 2 Ezpdf Drm Reader, Ezpdf Reader | 2026-04-15 | 7 High |
| A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading the affected component is recommended. The vendor explains: "[W]e have already addressed similar DLL search path vulnerability patterns through prior security updates. (...) Users are advised to use the latest version provided by the vendor." | ||||
| CVE-2026-3775 | 3 Foxit, Foxitsoftware, Microsoft | 5 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 2 more | 2026-04-15 | 7.8 High |
| The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. | ||||
| CVE-2024-2207 | 1 Hewlett Packard Enterprise | 1 Sound Research Secomn64 Driver | 2026-04-15 | 6 Medium |
| Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities. | ||||
| CVE-2024-2208 | 1 Hewlett Packard Enterprise | 1 Sound Research Secomn64 Driver | 2026-04-15 | 8.8 High |
| Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities. | ||||
| CVE-2025-25011 | 1 Elastic | 1 Elastic Beats | 2026-04-15 | 7 High |
| An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. | ||||
| CVE-2024-21830 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-10939 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 3.7 Low |
| A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to /realms which is expected to be exposed. | ||||
| CVE-2025-25059 | 1 Intel | 1 One Boot Flash Update | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-34028 | 1 Intel | 1 Graphics Offline Compiler For Opencl Code Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-12852 | 1 Nec | 1 Rakurakumusen Start Ex | 2026-04-15 | N/A |
| DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device. | ||||
| CVE-2024-57964 | 2026-04-15 | 7.3 High | ||
| Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:. | ||||
| CVE-2024-9852 | 2 Iconics, Mitsubishielectric | 3 Genesis64, Genesis64, Mc Works64 | 2026-04-15 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | ||||
| CVE-2024-37024 | 1 Intel | 1 Acat Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-9499 | 2026-04-15 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2025-31931 | 1 Intel | 1 Itt Api | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-40763 | 1 Siemens | 1 Altair Grid Engine | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path. | ||||
| CVE-2024-9495 | 2026-04-15 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2025-13919 | 2 Broadcom, Symantec | 2 Symantec Endpoint Protection, Endpoint Protection | 2026-04-15 | 4.4 Medium |
| Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | ||||
| CVE-2025-30506 | 1 Intel | 1 Driver\&support Assistant | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-32038 | 1 Intel | 1 Oneapi Compiler Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||