Total
545 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-55503 | 2 Apple, Termius | 2 Macos, Termius | 2025-01-31 | N/A | 3.3 LOW |
| An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. | |||||
| CVE-2024-53407 | 1 Phiewer | 1 Phiewer | 2025-01-31 | N/A | 3.3 LOW |
| In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data. | |||||
| CVE-2025-24828 | 2025-01-31 | N/A | 6.3 MEDIUM | ||
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | |||||
| CVE-2025-0145 | 2025-01-30 | N/A | 4.6 MEDIUM | ||
| Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. | |||||
| CVE-2025-24789 | 2025-01-29 | N/A | 7.8 HIGH | ||
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0. | |||||
| CVE-2025-0733 | 2025-01-27 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0732 | 2025-01-27 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0707 | 2025-01-24 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be approached locally. | |||||
| CVE-2023-30330 | 1 Softexpert | 1 Excellence Suite | 2025-01-24 | N/A | 9.8 CRITICAL |
| SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | |||||
| CVE-2023-29790 | 1 Kodcloud | 1 Kodbox | 2025-01-24 | N/A | 7.5 HIGH |
| kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | |||||
| CVE-2024-28133 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 7.8 HIGH |
| A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. | |||||
| CVE-2024-13524 | 2025-01-20 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise". | |||||
| CVE-2025-0567 | 2025-01-19 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. | |||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 7.8 HIGH |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | |||||
| CVE-2025-21365 | 1 Microsoft | 2 365 Apps, Office | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2024-13158 | 2025-01-14 | N/A | 7.2 HIGH | ||
| An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2025-0459 | 2025-01-14 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7886 | 2025-01-10 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it. | |||||
| CVE-2024-20693 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21435 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-12-27 | N/A | 8.8 HIGH |
| Windows OLE Remote Code Execution Vulnerability | |||||