CVE-2025-57624

A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs...

CVE-2025-10491 MongoDB Windows installation MSI may leave ACLs unset on custom installation directories

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 a...

CVE-2025-10491 MongoDB Windows installation MSI may leave ACLs unset on custom installation directories

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 a...

CVE-2025-9059

The Altiris Core Agent Updater package AeXNSC.exe is prone to an elevation of privileges vulnerability through DLL hijacking...

CVE-2025-10213 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

UPDF 代码问题漏洞

UPDF is a multi-platform PDF editor from the Chinese company UPDF. A code issue vulnerability exists in UPDF version 1.8.5.0, which stems from DLL search path hijacking and could lead to the execution of arbitrary code...

Sunshine 安全漏洞

Sunshine is an open source self-service game streaming host for Moonlight by LizardByte. A security vulnerability exists in Sunshine version v2025.122.141614, which stems from DLL search order hijacking and could lead to the insertion of a malicious DLL...

CVE-2025-30033

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component...

PT-2025-32647 · Siemens · Automation License Manager V6.0 +134

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an...

Arm Development Studio 代码问题漏洞

Arm Development Studio is a software development tool designed for the Arm architecture from Arm UK. A code issue vulnerability exists in versions prior to Arm Development Studio 2025 that stems from an uncontrolled search path element that could lead to a DLL hijacking attack...

CVE-2025-49148 ClipShare Server Allows Local Privilege Escalation via DLL Hijacking

ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileg...

Yandex Telemost 代码问题漏洞

Yandex Telemost is an application for easily creating video calls or video chats from the Russian company Yandex. A security vulnerability exists in Yandex Telemost for Desktop prior to version 2.7.0, which stems from the use of untrusted search paths and may lead to DLL hijacking...

BleachBit 代码问题漏洞

BleachBit is a free open source disk space cleaner, privacy manager and computer system optimizer from BleachBit Open Source. A code issue vulnerability exists in BleachBit 4.6.2 and earlier versions that stems from DLL hijacking and could lead to the execution of arbitrary code...

CVE-2025-2629

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path...

PT-2025-15839 · National Instruments · Ni Labview

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1 Description: The issue is related to a DLL hijacking vulnerability due to an uncontrolled search path when loading NI Error Reporting, which may result in arbitrary code execution. Successful exploitation...

PT-2025-15841 · National Instruments · Ni Labview

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1 Description: The issue is related to a DLL hijacking vulnerability due to an uncontrolled search path in NI LabVIEW, which may result in arbitrary code execution. Successful exploitation requires an attack...

Carrier Block Load 代码问题漏洞

Carrier Block Load is an application from Carrier, Inc. which provides easy-to-use commercial load calculations for HVAC systems. A security vulnerability exists in Carrier Block Load that stems from an uncontrolled path element that could lead to DLL hijacking and arbitrary code execution...

PT-2025-7322

Name of the Vulnerable Software and Affected Versions Carrier - Block Load versions 4.00 through 4.16 Description An uncontrolled search path element issue exists, potentially allowing an attacker to perform DLL hijacking and execute arbitrary code with elevated privileges. This issue is reported...

CVE-2025-24827

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 39378...

PT-2025-3720 · Silicon · Cp210X Vcp Windows Installer

Name of the Vulnerable Software and Affected Versions: CP210x VCP Windows installer affected versions not specified Description: The issue is caused by an uncontrolled search path in the CP210x VCP Windows installer, leading to DLL hijacking vulnerabilities. This can result in privilege escalatio...