Total
951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48496 | 1 Emerson | 1 Valvelink | 2025-07-15 | 5.1 Medium |
| Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. | ||||
| CVE-2024-32938 | 1 Intel | 1 Mpi Library | 2025-07-14 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-1804 | 1 Blizzard | 1 Battle.net | 2025-07-13 | 7 High |
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | ||||
| CVE-2025-2630 | 1 Ni | 1 Labview | 2025-07-13 | 7.3 High |
| There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | ||||
| CVE-2024-36280 | 1 Intel | 1 High Level Synthesis Compiler | 2025-07-13 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-50583 | 1 Naver | 1 Whale Browser Installer | 2025-07-13 | 6.3 Medium |
| Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings. | ||||
| CVE-2024-24852 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2025-07-12 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-2658 | 1 Flexera | 1 Flexnet Publisher | 2025-07-12 | N/A |
| A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. | ||||
| CVE-2024-13946 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-12 | 6.8 Medium |
| DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2025-32780 | 1 Bleachbit | 1 Bleachbit | 2025-07-12 | 7.3 High |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. | ||||
| CVE-2025-2629 | 1 Ni | 1 Labview | 2025-07-12 | 7.3 High |
| There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | ||||
| CVE-2025-30167 | 1 Jupyter | 1 Jupyter Core | 2025-07-12 | 7.3 High |
| Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). | ||||
| CVE-2025-30399 | 4 Apple, Linux, Microsoft and 1 more | 8 Macos, Linux Kernel, .net and 5 more | 2025-07-11 | 7.5 High |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29802 | 1 Microsoft | 1 Visual Studio 2022 | 2025-07-10 | 7.3 High |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29803 | 1 Microsoft | 5 Sql Server Management Studio, Visual Studio Tools For Applications 2019, Visual Studio Tools For Applications 2019 Sdk and 2 more | 2025-07-10 | 7.3 High |
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-4981 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 9.9 Critical |
| Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default. | ||||
| CVE-2025-4539 | 1 Todesk | 1 Todesk | 2025-07-08 | 7 High |
| A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | 5.7 Medium |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-36004 | 1 Ibm | 1 I | 2025-07-03 | 8.8 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-33122 | 1 Ibm | 1 I | 2025-07-03 | 7.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||