CVE-2026-40031

MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...

CVE-2026-40031

MemProcFS 处理在版本 5.17 之前存在多处不安全的库加载模式，导致跨六个攻击面发生 DLL/共享库劫持。攻击者若在工作目录中放置恶意 DLL/共享库，或操控 LD_LIBRARY_PATH，便可在 MemProcFS 加载时实现任意代码执行。根本原因是对加载库的路径未进行严格限定，利用 bare-name LoadLibraryU/dlopen 未带路径的调用进行加载。影响面涉及本地攻击向量、可用性和完整性及机密性均可能被高影响波及。若存在利用，文档未给出具体利用细节。建议升级至 5.17 及以上版本以修复该加载模式问题；如不能立即升级，可结合路径限定、工作目录隔离及库加载 ...

EUVD-2025-209205

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...

Biztalk360 安全漏洞

Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities were due to improper access control; any user could request the loading of DLL files. Attackers...

PT-2026-30046

An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code execution on the...

CVE-2026-27774

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image Windows before build 42902...

EUVD-2026-18229

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2026-26928

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

PT-2026-29742

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

CVE-2026-22561

CVE-2026-22561 concerns Anthropic Claude for Windows installer (Claude Setup.exe). The vulnerability arises from Uncontrolled search path elements, where the installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling local privilege escalation via DLL search-ord...

PT-2026-29282

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...

CVE-2026-2713

IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this...

CVE-2026-28760

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege...

PT-2026-27008

Name of the Vulnerable Software and Affected Versions Flos Freeware Notepad2 version 4.2.25 Description A weakness exists in Flos Freeware Notepad2 4.2.25, impacting an unknown function within the TextShaping.dll library. Exploitation involves a manipulation that can lead to an uncontrolled searc...

Help on the line: How a Microsoft Teams support call led to compromise

In our eighth Cyberattack Series report, Microsoft Incident Response—the Detection and Response Team DART—investigates a recent identity-first, human-operated intrusion that relied less on exploiting software vulnerabilities and more on deception and legitimate tools. After a customer reached out...

EUVD-2026-12363

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

EUVD-2026-10453

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...

EUVD-2026-10295

The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries DLLs. When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed with the administrative privilege...