924 matches found

RedhatCVE
added 2025/05/22 4:56 p.m. · 7 views

CVE-2020-9858

A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 v. 1A11. Running the installer in an untrusted directory may result in arbitrary code execution...

7.8 CVSS · 6.9 AI score · 0.00128 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:10 a.m. · 3 views

CVE-2018-10381

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...

10 CVSS · 7.8 AI score · 0.00355 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 8:55 a.m. · 5 views

CVE-2019-8801

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution...

7.8 CVSS · 6.8 AI score · 0.00154 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:47 a.m. · 3 views

CVE-2017-14397

AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability...

9.8 CVSS · 9.7 AI score · 0.00486 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:15 a.m. · 4 views

CVE-2010-5219

Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .html, or .mpg file. NOTE: some of these details are obtained from third party...

6.9 CVSS · 7 AI score · 0.00057 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/18 8:0 p.m. · 28 views

CVE-2025-4802

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...

7 CVSS · 7.8 AI score · 0.00043 EPSS
Exploits: 1 · References: 5

OSV
added 2025/05/16 8:15 p.m. · 6 views

CVE-2025-4802

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

7.8 CVSS · 6.7 AI score
Exploits: 0 · References: 5

CVE
added 2025/05/16 7:32 p.m. · 266 views

CVE-2025-4802

CVE-2025-4802 affects the GNU C Library (glibc) versions 2.27–2.38. The issue is an untrusted LD_LIBRARY_PATH vulnerability that enables attacker-controlled loading of dynamically-linked libraries by statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlo...

7.8 CVSS · 6.8 AI score · 0.00043 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CNNVD
added 2025/05/09 12:0 a.m. · 1 views

Patch My PC Home Updater Code Issue Vulnerability

Patch My PC Home Updater is a lightweight third-party software updater tool from Patch My PC, Inc. A code issue vulnerability exists in Patch My PC Home Updater version 5.1.3.0 and prior versions, which stems from improperly controlled search paths for multiple DLL files, which could lead to a...

7.3 CVSS · 6.8 AI score · 0.00046 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/04/15 12:0 a.m. · 1 views

BleachBit Code Issue Vulnerability

BleachBit is a free open source disk space cleaner, privacy manager and computer system optimizer from BleachBit Open Source. A code issue vulnerability exists in BleachBit 4.6.2 and earlier versions that stems from DLL hijacking and could lead to the execution of arbitrary code...

7.3 CVSS · 7 AI score · 0.00117 EPSS
Exploits: 0 · References: 2

OSV
added 2025/04/09 7:15 p.m. · 1 views

CVE-2025-2629

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path...

7.8 CVSS · 6 AI score · 0.00109 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/09 12:0 a.m. · 3 views

PT-2025-15841 · National Instruments · Ni Labview

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1 Description: The issue is related to a DLL hijacking vulnerability due to an uncontrolled search path in NI LabVIEW, which may result in arbitrary code execution. Successful exploitation requires an attack...

7.8 CVSS · 7.4 AI score · 0.00109 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2025/04/09 12:0 a.m. · 3 views

PT-2025-15839 · National Instruments · Ni Labview

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1 Description: The issue is related to a DLL hijacking vulnerability due to an uncontrolled search path when loading NI Error Reporting, which may result in arbitrary code execution. Successful exploitation...

7.8 CVSS · 7.5 AI score · 0.00109 EPSS
Exploits: 0 · References: 5

OSV
added 2025/03/12 1:15 p.m. · 1 views

CVE-2025-29903

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible...

7.8 CVSS · 7.1 AI score
Exploits: 0 · References: 1

Cvelist
added 2025/03/12 12:36 p.m. · 9 views

CVE-2025-29903

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible...

5.2 CVSS · 0.00008 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/03/12 12:0 a.m. · 2 views

JetBrains Runtime Code Issue Vulnerability

JetBrains Runtime (JBR) is a runtime environment based on OpenJDK from the Czech company JetBrains, designed specifically for JetBrains products. It is used to run JetBrains platform products and to provide an optimized Java running experience. JetBrains Runtime has a code issue vulnerability that originates from ...

5.2 CVSS · 7.3 AI score · 0.00008 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/03/04 12:0 a.m. · 2 views

Carrier Block Load Code Issue Vulnerability

Carrier Block Load is an application from Carrier, Inc. which provides easy-to-use commercial load calculations for HVAC systems. A security vulnerability exists in Carrier Block Load that stems from an uncontrolled path element that could lead to DLL hijacking and arbitrary code execution...

7.1 CVSS · 7.5 AI score · 0.01495 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2025/02/20 12:0 a.m. · 1 views

PT-2025-7322

Name of the Vulnerable Software and Affected Versions: Carrier - Block Load versions 4.00 through 4.16 Description: An uncontrolled search path element issue exists, potentially allowing an attacker to perform DLL hijacking and execute arbitrary code with elevated privileges. This issue is reported...

7.8 CVSS · 5.9 AI score · 0.01495 EPSS
Exploits: 0 · References: 18

Positive Technologies
added 2025/02/18 12:0 a.m. · 2 views

PT-2025-6762 · Unknown · Hvac Energy Saving Program

Name of the Vulnerable Software and Affected Versions: HVAC Energy Saving Program affected versions not specified Description: A discovery has been made of an insecure loading of dynamic link libraries in the HVAC Energy Saving Program, which could allow local attackers to potentially disclose...

7.3 CVSS · 7.6 AI score · 0.00014 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2025/02/06 12:0 a.m. · 2 views

PT-2025-5865 · Unknown · Netmod Vpn Client

Name of the Vulnerable Software and Affected Versions: NetMod VPN Client version 5.3.1 Description: The issue arises due to the improper validation of dynamically loaded libraries, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads...

7.3 CVSS · 8.2 AI score · 0.00106 EPSS
Exploits: 0 · References: 6