Search Results (2570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-45598 1 Ailux 2 Imx6, Imx6 Bundle 2025-04-10 5.3 Medium
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2022-4057 1 Optimizingmatters 1 Autooptimize 2025-04-10 5.3 Medium
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
CVE-2022-44939 1 Echatserver 1 Easy Chat Server 2025-04-09 7.8 High
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
CVE-2025-1755 3 Microsoft, Mongodb, Redhat 6 Windows, Compass, Enterprise Linux For Arm 64 and 3 more 2025-04-09 7.5 High
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
CVE-2025-1756 2 Mongodb, Redhat 13 Mongosh, Codeready Linux Builder Eus, Codeready Linux Builder For Arm64 Eus and 10 more 2025-04-09 7.5 High
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0
CVE-2022-36930 1 Zoom 1 Rooms 2025-04-08 8.8 High
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
CVE-2022-4429 1 Avira 1 Avira Security 2025-04-08 5.3 Medium
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78
CVE-2023-0247 1 Bloom Project 1 Bloom 2025-04-07 7.8 High
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
CVE-2023-22947 2 Microsoft, Shibboleth 2 Windows, Service Provider 2025-04-07 7.3 High
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
CVE-2020-25502 1 Cybereason 1 Endpoint Detection And Response 2025-04-03 7.8 High
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
CVE-2022-4258 2 Hima, Microsoft 5 Hopcs, X-opc A\+e, X-opc Da and 2 more 2025-04-03 7.8 High
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
CVE-2024-24722 1 12dsynergy 4 12d Synergy File Replication Server, 12d Synergy Server, 12dsynergy and 1 more 2025-04-02 9.1 Critical
An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.
CVE-2020-5419 2 Broadcom, Pivotal Software 2 Rabbitmq Server, Rabbitmq 2025-04-02 6.7 Medium
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
CVE-2022-41141 1 Windscribe 1 Windscribe 2025-04-01 7.8 High
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.
CVE-2025-27167 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2025-03-31 7.8 High
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
CVE-2022-44264 1 Dentsplysirona 1 Sidexis 2025-03-31 7.8 High
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.
CVE-2022-47632 2 Microsoft, Razer 2 Windows, Synapse 2025-03-28 6.8 Medium
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
CVE-2022-47700 1 Comfast Project 2 Cf-wr623n, Cf-wr623n Firmware 2025-03-27 7.5 High
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.
CVE-2023-42920 2 Apple, Claris 3 Macos, Claris Pro, Filemaker Pro 2025-03-26 7.8 High
Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
CVE-2020-23438 1 Wondershare 1 Filmora 2025-03-26 7.8 High
Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation.