ReportizFlow
Filtered by vendor
Subscriptions
Total
1142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1729 | 2026-04-15 | 6.7 Medium | ||
| A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. | ||||
| CVE-2024-45246 | 1 Dieboldnixdorf | 1 Vynamic View | 2026-04-15 | 7.3 High |
| Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | ||||
| CVE-2025-32780 | 1 Bleachbit | 1 Bleachbit | 2026-04-15 | 7.3 High |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. | ||||
| CVE-2025-20108 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-59889 | 1 Eaton | 1 Ipp Software | 2026-04-15 | 8.6 High |
| Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download center. | ||||
| CVE-2025-0069 | 2026-04-15 | 7.8 High | ||
| Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server. | ||||
| CVE-2025-25011 | 1 Elastic | 1 Elastic Beats | 2026-04-15 | 7 High |
| An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. | ||||
| CVE-2025-0712 | 1 Elastic | 1 Apm Server | 2026-04-15 | 7 High |
| An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. | ||||
| CVE-2024-47006 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-31645 | 1 Intel | 1 System Event Log Viewer Utility | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some System Event Log Viewer Utility software for all versions within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-9498 | 2026-04-15 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2024-9499 | 2026-04-15 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2024-8766 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. | ||||
| CVE-2024-9497 | 2026-04-15 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2025-30182 | 1 Intel | 1 Distribution For Python | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-40763 | 1 Siemens | 1 Altair Grid Engine | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path. | ||||
| CVE-2024-39365 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-9496 | 2026-04-15 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2025-4455 | 2026-04-15 | 7 High | ||
| A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57624 | 2026-04-15 | 7.8 High | ||
| A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. | ||||