Export limit exceeded: 361587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23304 | 1 Cybozu | 1 Kunai | 2025-06-04 | 7.5 High |
| Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | ||||
| CVE-2024-36071 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-06-03 | 6.3 Medium |
| Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path. | ||||
| CVE-2025-5180 | 2 Microsoft, Wondershare | 2 Windows, Filmora | 2025-06-03 | 7 High |
| A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-47226 | 1 Snipeitapp | 1 Snipe-it | 2025-06-03 | 5 Medium |
| Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | ||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2025-06-03 | 7.8 High |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2023-6631 | 1 Subnet | 1 Powersystem Center | 2025-06-03 | 7.8 High |
| PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | ||||
| CVE-2024-0056 | 2 Microsoft, Redhat | 21 .net, .net Framework, Microsoft.data.sqlclient and 18 more | 2025-06-03 | 8.7 High |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
| CVE-2023-6740 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-06-03 | 8.8 High |
| Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | ||||
| CVE-2025-27997 | 1 Blizzard | 1 Battle.net | 2025-06-03 | 8.4 High |
| An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. | ||||
| CVE-2023-51711 | 1 Regify | 1 Regipay | 2025-05-30 | 7.8 High |
| An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | ||||
| CVE-2024-0204 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-30 | 9.8 Critical |
| Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | ||||
| CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus \+ Security and 3 more | 2025-05-29 | 7.8 High |
| Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | ||||
| CVE-2020-6244 | 1 Sap | 1 Business Client | 2025-05-27 | 7.8 High |
| SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. | ||||
| CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-05-27 | 8.8 High |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | ||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | 8.8 High |
| Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | ||||
| CVE-2022-32168 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2025-05-21 | 7.8 High |
| Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | ||||
| CVE-2024-7253 | 1 Nomachine | 1 Nomachine | 2025-05-21 | 7.8 High |
| NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039. | ||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | 8.8 High |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | ||||
| CVE-2025-43553 | 1 Adobe | 1 Substance 3d Modeler | 2025-05-19 | 7.8 High |
| Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2025-05-15 | 7.8 High |
| Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | ||||