Total
785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33101 | 1 Intel | 1 Graphics Performance Analyzers | 2025-05-05 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21807 | 1 Intel | 1 Vtune Profiler | 2025-05-05 | N/A | 7.8 HIGH |
| Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0169 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2025-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-4272 | 2025-05-05 | N/A | 7.0 HIGH | ||
| A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34825 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2025-05-01 | N/A | 9.8 CRITICAL |
| Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2025-05-01 | N/A | 7.8 HIGH |
| An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | |||||
| CVE-2022-38395 | 1 Hp | 2 Fusion, Support Assistant | 2025-04-29 | N/A | 7.8 HIGH |
| HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up. | |||||
| CVE-2025-23177 | 2025-04-29 | N/A | N/A | ||
| CWE-427: Uncontrolled Search Path Element | |||||
| CVE-2022-31694 | 1 Installbuilder | 1 Installbuilder | 2025-04-29 | N/A | 7.3 HIGH |
| InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL. | |||||
| CVE-2022-43751 | 1 Mcafee | 1 Total Protection | 2025-04-29 | N/A | 7.8 HIGH |
| McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. | |||||
| CVE-2022-45422 | 1 Lg | 1 Smart Share | 2025-04-28 | N/A | 7.8 HIGH |
| When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. | |||||
| CVE-2023-49114 | 1 Hexagon | 1 Qognify Vms Client Viewer | 2025-04-25 | N/A | N/A |
| A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met. | |||||
| CVE-2022-43722 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | |||||
| CVE-2024-12530 | 2025-04-17 | N/A | N/A | ||
| Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application. | |||||
| CVE-2021-44463 | 1 Emerson | 1 Deltav | 2025-04-17 | 6.9 MEDIUM | 7.3 HIGH |
| Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | |||||
| CVE-2021-38410 | 1 Aveva | 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more | 2025-04-17 | N/A | 7.8 HIGH |
| AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. | |||||
| CVE-2022-42945 | 1 Autodesk | 1 Dwg Trueview | 2025-04-17 | N/A | 7.8 HIGH |
| DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. | |||||
| CVE-2022-46330 | 1 Squirrel.windows Project | 1 Squirrel.windows | 2025-04-16 | N/A | 7.8 HIGH |
| Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | |||||
| CVE-2022-22736 | 1 Mozilla | 1 Firefox | 2025-04-16 | N/A | 7.0 HIGH |
| If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. | |||||
| CVE-2021-36631 | 1 Baidu | 1 Baidunetdisk | 2025-04-16 | N/A | 6.7 MEDIUM |
| Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||