CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

PT-2025-50328

A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions...

PT-2025-50342

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to execute arbitrary code. The MailEnable administrative executable loads MEAIMF.DLL from the...

PT-2025-50341

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an issue where an unsafe Dynamic Link Library DLL loading process can allow a local attacker to execute arbitrary code. The MailEnable administrative...

PT-2025-50348

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an issue where the software loads DLLs unsafely, potentially allowing a local attacker to run arbitrary code. The MailEnable administrative executable loads...

PT-2025-50345

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an issue where the software loads DLLs unsafely, potentially allowing a local attacker to run arbitrary code. The MailEnable administrative executable loads...

MailEnable 代码问题漏洞

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

PT-2025-50343

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an issue where an attacker can execute code on the system. This happens because the MailEnable administrative executable loads MEAISM.DLL from the...

EUVD-2025-202316

Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application...

CVE-2021-47705 CNC_Ctrl DllUnregisterServer Access Violation

COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...

CVE-2025-34396

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

CVE-2025-5470 Dylib Hijacking in Yandex Disk

Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275...

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLDINSERTLIBRARIES environment...

CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLDINSERTLIBRARIES environment...

PT-2025-48949

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a RESTRICT segment, a local user may exploit the DYLD INSERT LIBRARIES environment...

Sony INZONE Hub 代码问题漏洞

Sony INZONE Hub is a software for managing and customizing gaming devices from Sony Japan. A code issue vulnerability exists in Sony INZONE Hub versions 1.0.10.3 through 1.0.17.0, which stems from a DLL search path issue that could lead to unsafe loading of dynamic link libraries, which could...

MegaTec ClientMate 安全漏洞

MegaTec ClientMate is a power management software from Taiwan, China-based MegaTec. A security vulnerability exists in MegaTec ClientMate that stems from insecure permissions in the C:\usr directory, which could lead to configuration file replacement or DLL hijacking...

CVE-2025-63685

Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of regsvr32.exe it loads. An attacker can place a crafted malicious DLL in the application's...