Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12819 | 1 Pgbouncer | 1 Pgbouncer | 2025-12-05 | 7.5 High |
| Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. | ||||
| CVE-2024-12168 | 1 Yandex | 1 Yandex Telemost | 2025-12-03 | 7.8 High |
| Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used. | ||||
| CVE-2024-27303 | 2 Electron, Microsoft | 2 Electron-builder, Windows | 2025-12-03 | 7.3 High |
| electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | ||||
| CVE-2025-26155 | 2 Microsoft, Ncp-e | 5 Windows, Ncp Secure Entry Client, Secure Client and 2 more | 2025-12-02 | 9.8 Critical |
| NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | ||||
| CVE-2025-49642 | 1 Zabbix | 1 Zabbix-agent | 2025-12-01 | N/A |
| Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory. | ||||
| CVE-2025-60718 | 1 Microsoft | 6 Windows, Windows 11, Windows 11 24h2 and 3 more | 2025-11-25 | 7.8 High |
| Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2017-7755 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-11-25 | N/A |
| The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | ||||
| CVE-2024-21922 | 1 Amd | 1 Storemi | 2025-11-24 | 7.3 High |
| A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2024-21923 | 1 Amd | 1 Storemi | 2025-11-24 | 7.3 High |
| Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2025-13433 | 2 Microsoft, Muse | 2 Windows, Musehub | 2025-11-24 | 7 High |
| A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-43079 | 2 Linux, Qualys | 3 Linux, Cloud Agent, Cloud Agent For Linux | 2025-11-18 | 6.3 Medium |
| The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges (e.g., via sudo) in an environment where $PATH has been manipulated, an attacker with root/sudo privileges could cause malicious executables to be run in place of the intended system binaries. This behavior can be leveraged for local privilege escalation and arbitrary command execution under elevated privileges. | ||||
| CVE-2025-5335 | 1 Autodesk | 1 Installer | 2025-11-13 | 7.8 High |
| A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution. | ||||
| CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2025-11-03 | 7.8 High |
| Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | ||||
| CVE-2025-4802 | 2 Gnu, Redhat | 7 Glibc, Discovery, Enterprise Linux and 4 more | 2025-11-03 | 7.8 High |
| Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). | ||||
| CVE-2025-40909 | 1 Perl | 1 Perl | 2025-11-03 | 5.9 Medium |
| Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 | ||||
| CVE-2022-22047 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-30 | 7.8 High |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | ||||
| CVE-2025-12286 | 1 Veepn | 1 Veepn | 2025-10-30 | 7 High |
| A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-14012 | 2 Microsoft, Revenera | 2 Windows, Installshield | 2025-10-30 | N/A |
| Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privilege escalation. The issue has been fixed in versions 2023 R2 and later. | ||||
| CVE-2025-49124 | 1 Apache | 1 Tomcat | 2025-10-29 | 8.4 High |
| Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | ||||
| CVE-2024-45281 | 1 Sap | 2 Business Objects Business Intelligence Platform, Businessobjects Business Intelligence Platform | 2025-10-28 | 5.8 Medium |
| SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. | ||||