Vulnerabilities (CVE)

Filtered by CWE-427
Total 874 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-27997 2025-05-21 N/A 8.4 HIGH
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges by placing a crafted shell script or executable into the C:\ProgramData directory.
CVE-2022-32168 1 Notepad-plus-plus 1 Notepad++ 2025-05-21 N/A 7.8 HIGH
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
CVE-2024-7253 1 Nomachine 1 Nomachine 2025-05-21 N/A 7.8 HIGH
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24039.
CVE-2025-43553 1 Adobe 1 Substance 3d Modeler 2025-05-19 N/A 7.8 HIGH
Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application relies on a search path to locate critical resources such as libraries or executables, an attacker could manipulate the search path to load a malicious resource, potentially executing arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-22458 1 Ivanti 1 Endpoint Manager 2025-05-17 N/A 7.8 HIGH
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
CVE-2023-31358 1 Amd 1 Aim-t Manageability Api 2025-05-16 N/A 7.3 HIGH
A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-31073 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20108 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20079 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20041 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-47795 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-39833 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-46895 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-21099 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20015 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-47800 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20043 2025-05-16 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-4769 2025-05-16 6.0 MEDIUM 7.0 HIGH
A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult.
CVE-2025-35471 2025-05-13 N/A 7.3 HIGH
conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
CVE-2025-32917 2025-05-13 N/A N/A
Privilege escalation in the jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allows a user with write access to the JAVA_HOME/bin directory to escalate privileges.