Export limit exceeded: 361823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2562 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59033 | 1 Microsoft | 7 Windows, Windows 10, Windows 11 and 4 more | 2026-04-15 | 7.4 High |
| The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) may not be blocked, whether hypervisor-protected code integrity (HVCI) is enabled or not. NOTE: The vendor disputes this CVE ID assignment and states that the driver blocklist is intended for use with HVCI. | ||||
| CVE-2025-26381 | 1 Johnsoncontrols | 1 Openblue Workplace | 2026-04-15 | N/A |
| Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2025-71178 | 1 Micron | 1 Crucial Storage Executive | 2026-04-15 | N/A |
| Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer to be loaded instead of the intended system library. A local attacker who can convince a victim to run the installer from a directory containing the attacker-supplied DLL can achieve arbitrary code execution with administrator privileges. | ||||
| CVE-2025-9059 | 1 Broadcom | 2 Broadcom, Desktop Management Suite | 2026-04-15 | N/A |
| The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | ||||
| CVE-2024-57276 | 2026-04-15 | 7.3 High | ||
| In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path. | ||||
| CVE-2019-25310 | 1 Actfax | 1 Activefax Server | 2026-04-15 | 7.8 High |
| ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges. | ||||
| CVE-2019-25305 | 2 Hp, Inforprograma | 2 Jumpstart, Jumpstart | 2026-04-15 | 7.8 High |
| JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions. | ||||
| CVE-2019-25302 | 1 Acer | 1 Launch Manager | 2026-04-15 | 7.8 High |
| Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup. | ||||
| CVE-2025-25059 | 1 Intel | 1 One Boot Flash Update | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2019-25286 | 1 Gcafe | 1 Gcafe | 2026-04-15 | 7.8 High |
| GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with LocalSystem permissions. | ||||
| CVE-2019-25281 | 1 Ncp-e | 1 Ncp Secure Entry Client | 2026-04-15 | 7.8 High |
| NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2025-10714 | 1 Axis | 1 Optimizer | 2026-04-15 | 8.4 High |
| AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer. | ||||
| CVE-2022-50929 | 1 Connectify | 1 Connectify Hotspot | 2026-04-15 | 8.4 High |
| Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2022-50924 | 1 Privateinternetaccess | 2 Private Internet Access, Private Internet Access Vpn Client | 2026-04-15 | 8.4 High |
| Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup. | ||||
| CVE-2025-48201 | 2026-04-15 | 8.6 High | ||
| The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. | ||||
| CVE-2025-48202 | 2026-04-15 | 5.3 Medium | ||
| The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2022-50920 | 2 Sandboxie, Sandboxie-plus | 2 Sandboxie, Sandboxie | 2026-04-15 | 8.4 High |
| Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup. | ||||
| CVE-2025-65078 | 1 Lexmark | 40 Cslbl, Cslbn, Csngv and 37 more | 2026-04-15 | N/A |
| An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2025-24829 | 2026-04-15 | N/A | ||
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | ||||
| CVE-2025-12286 | 1 Veepn | 1 Veepn | 2026-04-15 | 7 High |
| A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||