12662 matches found
Vulnerabilities in SAP-products
SAP has identified vulnerabilities in the following SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, S...
CVE-2026-21770
HCL Traveler for Microsoft Outlook HTMO is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content...
Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. id: CVE-2024-0801 info: name: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll author: daffainfo severity: high description: | A denial of service vulnerability exists i...
CVE-2026-21770
CVE-2026-21770 affects HCL Traveler for Microsoft Outlook (HTMO). The vulnerability is described as a DLL hijacking issue that could allow an attacker to modify or replace HTMO with malicious content. Per the provided metrics, exploitability is Local with LOW complexity, but HIGH privileges are r...
CVE-2026-21770 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to DLL hijacking
HCL Traveler for Microsoft Outlook HTMO is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content...
CVE-2026-58547
Heap-based buffer overflow in Universal Plug and Play upnp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-50491
Out-of-bounds read in Code Integrity DLL ci.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-50491
The CVE-2026-50491 entry documents an out-of-bounds read in the Code Integrity DLL (ci.dll) that enables an authorized local attacker to achieve Elevation of Privileges. Affected component: Windows Code Integrity mechanism (ci.dll). Root cause: out-of-bounds read in ci.dll leading to privilege es...
CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
Code Integrity DLL (ci.dll) Elevation of Privilege Vulnerability
Out-of-bounds read in Code Integrity DLL ci.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-0487
CVE-2026-0487 concerns SAProuter on Microsoft Windows, where an unauthenticated attacker can load DLLs from an untrusted location, enabling arbitrary code execution through DLL hijacking. The root cause is improper DLL loading behavior that can be hijacked to execute malicious code, impacting con...
CVE-2026-0487 DLL Hijacking vulnerability in SAProuter on Microsoft Windows
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...
FTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options...
CVE-2026-56437
The CVE-2026-56437 issue affects Pupsman versions prior to 3.9.0. An Uncontrolled search path element allows arbitrary code execution with SYSTEM privileges if a crafted DLL is placed in the same folder as the affected installer and the installer is executed. No exploitation details or fixes are ...
CVE-2026-56437
Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...
Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, codenamed Operation DragonReturn by...
CVE-2026-38972
Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...
CVE-2026-38972
Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...
CVE-2026-51947
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...
CVE-2026-58126
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...