924 matches found
Arm Development Studio code issue vulnerability
Arm Development Studio is a software development tool designed for the Arm architecture from Arm UK. A code issue vulnerability exists in versions prior to Arm Development Studio 2025 that stems from an uncontrolled search path element that could lead to a DLL hijacking attack...
Motorola Software Fix security vulnerability
Motorola Software Fix is an Android application from Motorola USA. A security vulnerability exists in Motorola Software Fix, which stems from a DLL hijacking vulnerability during the installation process that could lead to elevated privileges for a local attacker...
MAL-2025-191771 Malicious code in jython-file (PyPI)
Source: kam193 (fc56f6ba4b75b25d4289c3aa3cb1d05f9b1d7bbfacf00b11e270d76ba87a1a3e). The package attempts to load, in an obfuscated way, code from a file not included in the package, and to inject a dynamic library into the Python dynamic libs...
CLSA-2025-1750692029 glibc: Fix of CVE-2025-4802
CVE-2025-4802: fix untrusted LD_LIBRARY_PATH vulnerability in dynamically shared library loading in setuid binaries to prevent attacker control...
CLSA-2025-1750697072 glibc: Fix of CVE-2025-4802
CVE-2025-4802: fix issue of untrusted LD_LIBRARY_PATH environment variable vulnerability by restricting loading of dynamically shared libraries in statically compiled setuid binaries...
CVE-2025-5255
The Phoenix Code's configuration on macOS, specifically the presence of the entitlements "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation", allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use...
Core.ai Phoenix Code security vulnerability
Core.ai Phoenix Code is a lightweight text editor from Core.ai India. A security vulnerability exists in Core.ai Phoenix Code that stems from allowing dynamic library injection, which could lead to a local attacker bypassing TCC...
Postbox security vulnerability
Postbox is an email client software from Postbox, Inc. A security vulnerability exists in Postbox that stems from allowing dynamic library injection, which could lead to a local attacker bypassing TCC...
Check Point SmartConsole security vulnerability
Check Point SmartConsole is a graphical user interface for centralized management of Check Point security products from Check Point Israel. A security vulnerability exists in Check Point SmartConsole versions R81.10 and R81.20 that originates from an untrusted DLL in the installer directory that...
CVE-2025-49148 ClipShare Server Allows Local Privilege Escalation via DLL Hijacking
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileg...
Rocket.Chat security vulnerability
Rocket.Chat is a chat software from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat that stems from a TCC policy that can be bypassed, potentially leading to a DYLIB injection attack that could perform unauthorized actions or elevation of privilege...
Yandex Telemost code issue vulnerability
Yandex Telemost is an application for easily creating video calls or video chats from the Russian company Yandex. A security vulnerability exists in Yandex Telemost for Desktop prior to version 2.7.0, which stems from the use of untrusted search paths and may lead to DLL hijacking...
Blackmagic Design DaVinci Resolve security vulnerability
Blackmagic Design DaVinci Resolve is a software tool that combines editing, color correction, visual effects, motion graphics, and audio post-production in one package. A security vulnerability exists in Blackmagic Design DaVinci Resolve, which stems from insufficient dynamic library loading...
CVE-2025-4412 TCC Bypass via Dylib Loading in Viscosity.app
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as acces...
CVE-2025-4412
CVE-2025-4412 concerns macOS: an attacker can use a Launch Agent to load viscosity_openvpn from the Viscosity app bundle and induce a dynamic library load under Viscosity’s TCC identity. This grants limited resource access without entitlements (e.g., not granting camera/mic); access to other reso...
PT-2025-22984 · Viscosity · Viscosity
Name of the Vulnerable Software and Affected Versions: Viscosity versions prior to 1.11.5. Description: The issue allows loading a dynamic library with Viscosity's TCC identity on macOS systems by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle. The...
CVE-2023-26818
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag...
CVE-2021-28246
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...
CVE-2021-1089
NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering...
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process openvpn.exe...