Total
1010 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4539 | 1 Todesk | 1 Todesk | 2025-07-08 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | N/A | 5.7 MEDIUM |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-36004 | 1 Ibm | 1 I | 2025-07-03 | N/A | 8.8 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
| CVE-2025-33122 | 1 Ibm | 1 I | 2025-07-03 | N/A | 7.5 HIGH |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
| CVE-2024-55898 | 1 Ibm | 1 I | 2025-07-03 | N/A | 8.5 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2025-07-03 | N/A | 7.3 HIGH |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | N/A | 7.3 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2025-4525 | 2 Discord, Microsoft | 2 Discord, Windows | 2025-07-01 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24998 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | N/A | 7.3 HIGH |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-25003 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | N/A | 7.3 HIGH |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-28099 | 1 Keyence | 1 Vt Studio | 2025-06-30 | N/A | 7.8 HIGH |
| VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |||||
| CVE-2023-27859 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-06-20 | N/A | 6.5 MEDIUM |
| IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. | |||||
| CVE-2025-5129 | 1 Sangfor | 1 Atrust | 2025-06-17 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-47196 | 1 Siemens | 2 Modelsim, Questa | 2025-06-17 | N/A | 6.7 MEDIUM |
| A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. | |||||
| CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
| DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | |||||
| CVE-2025-49148 | 2025-06-12 | N/A | 7.3 HIGH | ||
| ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5. | |||||
| CVE-2024-33672 | 1 Veritas | 1 Netbackup | 2025-06-10 | N/A | 7.7 HIGH |
| An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2025-06-04 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (Windows) before build 39938. | |||||
| CVE-2025-5180 | 2 Microsoft, Wondershare | 2 Windows, Filmora | 2025-06-03 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27997 | 1 Blizzard | 1 Battle.net | 2025-06-03 | N/A | 8.4 HIGH |
| An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. | |||||