Search Results (2570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28365 1 Reprisesoftware 1 Reprise License Manager 2025-04-30 5.3 Medium
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.
CVE-2022-44744 1 Acronis 1 Cyber Protect Home Office 2025-04-30 7.3 High
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2023-23920 3 Debian, Nodejs, Redhat 5 Debian Linux, Node.js, Enterprise Linux and 2 more 2025-04-30 4.2 Medium
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
CVE-2022-37197 1 Iobit 1 Iotransfer 2025-04-29 7.8 High
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
CVE-2022-28766 1 Zoom 2 Meetings, Rooms 2025-04-29 3.3 Low
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
CVE-2022-38395 1 Hp 2 Fusion, Support Assistant 2025-04-29 7.8 High
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
CVE-2022-31694 1 Installbuilder 1 Installbuilder 2025-04-29 7.3 High
InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL.
CVE-2022-43751 1 Mcafee 1 Total Protection 2025-04-29 7.8 High
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.
CVE-2022-36924 1 Zoom 1 Rooms 2025-04-28 8.8 High
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
CVE-2022-45422 1 Lg 1 Smart Share 2025-04-28 7.8 High
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.
CVE-2022-45276 1 Eyunjing 1 Yjcms 2025-04-25 9.8 Critical
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.
CVE-2023-49114 1 Hexagon 1 Qognify Vms Client Viewer 2025-04-25 6.7 Medium
A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.
CVE-2022-40746 2 Ibm, Microsoft 2 I Access Client Solutions, Windows 2025-04-24 7.2 High
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
CVE-2023-24591 1 Intel 1 Binary Configuration Tool 2025-04-24 6.7 Medium
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-21011 2 Adobe, Microsoft 2 Captivate, Windows 2025-04-23 7 High
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.
CVE-2023-45596 1 Ailux 2 Imx6, Imx6 Bundle 2025-04-23 5.3 Medium
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2021-21008 2 Adobe, Microsoft 2 Animate, Windows 2025-04-23 7 High
Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-21007 2 Adobe, Microsoft 2 Illustrator, Windows 2025-04-23 7 High
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-21055 3 Adobe, Apple, Microsoft 3 Dreamweaver, Macos, Windows 2025-04-23 6.2 Medium
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
CVE-2021-21078 3 Adobe, Apple, Microsoft 3 Creative Cloud Desktop Application, Macos, Windows 2025-04-23 6.5 Medium
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction