Total
1010 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 6.7 MEDIUM |
| An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | |||||
| CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 9.8 CRITICAL |
| An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
| CVE-2024-10930 | 2025-03-04 | N/A | N/A | ||
| An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. | |||||
| CVE-2023-6132 | 1 Aveva | 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more | 2025-03-04 | N/A | 7.3 HIGH |
| The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | |||||
| CVE-2025-21206 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-02-28 | N/A | 7.3 HIGH |
| Visual Studio Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-24578 | 1 Mcafee | 1 Total Protection | 2025-02-27 | N/A | 5.5 MEDIUM |
| McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. | |||||
| CVE-2022-4313 | 1 Tenable | 2 Nessus, Plugin Feed | 2025-02-27 | N/A | 8.8 HIGH |
| A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. | |||||
| CVE-2022-48422 | 2 Linux, Onlyoffice | 2 Linux Kernel, Document Server | 2025-02-27 | N/A | 7.8 HIGH |
| ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | |||||
| CVE-2021-31637 | 1 Uwamp Project | 1 Uwamp | 2025-02-26 | N/A | 7.8 HIGH |
| An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL. | |||||
| CVE-2023-28759 | 1 Veritas | 1 Netbackup | 2025-02-25 | N/A | 7.8 HIGH |
| An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. | |||||
| CVE-2022-26374 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH |
| Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-26624 | 2025-02-18 | N/A | N/A | ||
| Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-9499 | 2025-02-18 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-9498 | 2025-02-18 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-9496 | 2025-02-18 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-42405 | 2025-02-18 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-39813 | 2025-02-18 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-39365 | 2025-02-18 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-48225 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | N/A | 7.3 HIGH |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. | |||||
| CVE-2022-48224 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | N/A | 7.3 HIGH |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). | |||||