Lucene search
K

1009 matches found

ATTACKERKB
ATTACKERKB
added 9 hours ago6 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score
Exploits0References2
Cvelist
Cvelist
added 9 hours ago6 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS
Exploits0References1
CVE
CVE
added 9 hours ago10 views

CVE-2026-42936

The CVE-2026-42936 entry concerns the HYPER SBI 2 installer, which insecurely loads Dynamic Link Libraries. A local attacker can place a crafted DLL in the installer’s directory, enabling arbitrary code execution with the invoking user’s privileges during installation. The documented impact is hi...

8.4CVSS7.1AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-0487

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 4:38 a.m.7 views

EUVD-2026-42165

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS6.1AI score0.00134EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1152 Apache Airflow ODBC Provider Argument Injection vulnerability

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

7.8CVSS7.2AI score0.0075EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 9:16 p.m.8 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

7.8CVSS0.00149EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55312

Name of the Vulnerable Software and Affected Versions Notepad3 versions prior to 6.25.822.2 Description A DLL search-order hijacking issue exists in the About-dialog code path within src/Notepad3.c. The application uses the LoadLibrary function to load MSFTEDIT.DLL using a bare name. This allows ...

7.8CVSS6.5AI score0.00149EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.36 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

0.00149EPSS
Exploits1References3
Securelist
Securelist
added 2026/07/01 10:0 a.m.24 views

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/06/30 1:9 a.m.7 views

EUVD-2026-40241

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 4:12 p.m.15 views

CVE-2025-13162

The vulnerability CVE-2025-13162 affects ABB Control Builder A and ABB 800xA for Advant Master (up to specified versions). It is an Uncontrolled Search Path Element issue. The available documents provide affected products and version ranges but do not include explicit root-cause details, exploit ...

4.4CVSS5.8AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:30 p.m.10 views

EUVD-2026-36426

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:30 p.m.31 views

CVE-2026-11967

CVE-2026-11967 affects MobaXterm Personal Edition (Portable) version 26.3 (Build 5154). The root cause is the application loading winspool.drv from the same directory as the portable executable during startup, allowing an attacker with local access to place a crafted DLL alongside the executable ...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS6.2AI score0.00151EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.11 views

EUVD-2026-35447

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

6.2AI score0.00151EPSS
Exploits1References2
NVD
NVD
added 2026/06/09 4:16 p.m.14 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS0.00151EPSS
Exploits1References1
CVE
CVE
added 2026/06/09 2:47 p.m.27 views

CVE-2026-24064

Waves Central for macOS (versions 13.0.9–16.5.5) contains a local privilege escalation due to a trusted XPC client component signed with hardened runtime entitlements that allows dynamic library injection via DYLD_INSERT_LIBRARIES. An attacker can inject code into the trusted process at launch, w...

7.8CVSS6.2AI score0.00151EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:47 p.m.9 views

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

6.2AI score0.00151EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/09 2:47 p.m.35 views

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

0.00151EPSS
Exploits1References1
Rows per page
Query Builder