Export limit exceeded: 340552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1110 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10215 | 2 Microsoft, Updf | 2 Windows, Updf | 2026-01-20 | 7.8 High |
| DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence. | ||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2026-01-20 | 7.8 High |
| Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | ||||
| CVE-2025-14405 | 1 Pdfsam | 1 Enhanced | 2026-01-15 | 6.8 Medium |
| PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27867. | ||||
| CVE-2023-53937 | 1 Hubstaff | 1 Hubstaff | 2026-01-14 | 7.8 High |
| Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup. | ||||
| CVE-2022-50808 | 1 Coolermaster | 1 Masterplus | 2026-01-14 | 8.4 High |
| CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot. | ||||
| CVE-2023-28745 | 1 Intel | 1 Qsfp\+ Configuration Utility | 2026-01-14 | 6.7 Medium |
| Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-14596 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | ||||
| CVE-2025-14599 | 3 Altera, Intel, Microsoft | 4 Quartus Prime Lite, Quartus Prime Standard, Quartus Prime and 1 more | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. | ||||
| CVE-2025-14605 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. | ||||
| CVE-2025-13670 | 3 Altera, Intel, Microsoft | 3 High Level Synthesis Compiler, High Level Synthesis Compiler, Windows | 2026-01-12 | 6.7 Medium |
| The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability | ||||
| CVE-2025-13669 | 3 Altera, Intel, Microsoft | 3 High Level Synthesis Compiler, High Level Synthesis Compiler, Windows | 2026-01-12 | 6.7 Medium |
| Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3. | ||||
| CVE-2025-13664 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Standard, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege. | ||||
| CVE-2025-13665 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Standard, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| The System Console Utility for Windows is vulnerable to a DLL planting vulnerability | ||||
| CVE-2025-13668 | 3 Altera, Intel, Microsoft | 3 Quartus Prime Pro, Quartus Prime, Windows | 2026-01-12 | 6.7 Medium |
| A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege. | ||||
| CVE-2025-66835 | 1 Trueconf | 1 Trueconf | 2026-01-09 | 7.1 High |
| TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context. | ||||
| CVE-2024-9852 | 2 Iconics, Mitsubishielectric | 3 Genesis64, Genesis64, Mc Works64 | 2026-01-09 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | ||||
| CVE-2024-8299 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2026-01-09 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | ||||
| CVE-2025-64994 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-09 | 6.5 Medium |
| A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM. | ||||
| CVE-2025-64995 | 1 Teamviewer | 2 Dex, Digital Employee Experience | 2026-01-09 | 6.5 Medium |
| A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges. | ||||
| CVE-2019-25268 | 2026-01-08 | 9.8 Critical | ||
| NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code. | ||||