CVE-2026-27774
CVE-2026-27774 affects Acronis True Image for Windows prior to build 42902. The issue is a DLL hijacking vulnerability that leads to local privilege escalation. Documentation lists the root cause as DLL search/loading issues; attack vector is local with high confidentiality/integrity/availability...
CVE-2026-22561
Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code...
CVE-2026-4255
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library (DLL) dependencies using the default Windows search order, which includes directories...
CVE-2025-48503
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
PT-2026-7595
A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-63685
CVE-2025-63685 affects Quark Cloud Drive v3.23.2. The vulnerability is a DLL hijack caused by insecure loading of system libraries: the app does not validate the path or signature of regsvr32.exe, allowing a malicious DLL placed in the startup directory to be loaded and executed when the program ...
CVE-2025-40827
A vulnerability has been identified in Siemens Software Center All versions V3.5, Solid Edge SE2025 All versions V225.0 Update 10. The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system...
CVE-2025-57716
An Uncontrolled Search Path Element vulnerability (CWE-427) in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low-privileged user to perform a DLL hijacking attack by placing a malicious DLL in the FortiClient Online Installer installation folder...
CYRISMA Agent Security Vulnerability
CYRISMA Agent is a data collection component from CYRISMA USA. A security vulnerability exists in CYRISMA Agent versions prior to 444, which stems from vulnerability to DLL hijacking attacks that could lead to elevation of privilege and execution of arbitrary code...
CVE-2024-10930
An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges...
PT-2025-3722 · Unknown · Usbxpress 4 Sdk
Name of the Vulnerable Software and Affected Versions: USBXpress 4 SDK (affected versions not specified). Description: The issue is related to DLL hijacking vulnerabilities caused by an uncontrolled search path in the USBXpress 4 SDK installer. This can lead to privilege escalation and arbitrary cod...
CVE-2024-55540
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...
Acronis Cyber Files Code Issue Vulnerability
Acronis Cyber Files is a secure file synchronization and sharing solution from Acronis Switzerland. A code issue vulnerability exists in Acronis Cyber Files versions prior to 9.0.0x24 that stems from DLL hijacking leading to local elevation of privilege...
Acronis Cyber Protect Code Issue Vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland, combining backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management and more. A code issue...
PT-2024-25642
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent (Windows) versions before build 38235. Description: A local privilege escalation issue exists due to a DLL hijacking vulnerability. This can cause local privilege escalation. Recommendations: For Acronis Cyber...
Yandex Browser Security Vulnerability
Yandex Browser is a desktop version of the web browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser versions prior to 24.7.1.380, which stems from the use of an untrusted search path, which leads to a DLL hijacking vulnerability...
Atera Agent Package Availability Security Vulnerability
Atera Agent Package Availability for Windows is an Atera agent package for Windows from Atera. A security vulnerability exists in Atera Agent Package Availability 0.14.0.0 and prior versions, which originates when Agent.Package.Availability.exe has SYSTEM privileges and is susceptible to DLL...
PT-2023-25369 · Ibm · Ibm Storage Protect For Virtual Environments +1
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments versions 8.1.0.0 through 8.1.19.0. Description: The issue allows a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL...
PT-2023-5571 · Siemens · Siemens Software Center
Name of the Vulnerable Software and Affected Versions: Siemens Software Center versions prior to V3.0. Description: A DLL hijacking issue could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. This is relat...
Chat Server Code Issue Vulnerability
Chat Server is a chat server by individual developer ramank775, based on a microservices architecture, that supports high availability, high throughput, and horizontal expansion. A security vulnerability exists in Efs Software Easy Chat Server version 3.1, which originates from a DLL hijacking vulnerability tha...