Lucene search
K

1412 matches found

NVD
NVD
added 9 hours ago6 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43583

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS6.4AI score0.00148EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 6:16 a.m.8 views

CVE-2026-56437

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS0.00134EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:0 a.m.6 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

6.4AI score0.00149EPSS
Exploits1References4
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS0.00985EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:41 p.m.7 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS6.5AI score0.00985EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:39 p.m.7 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 7:39 p.m.12 views

EUVD-2026-37940

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 7:39 p.m.22 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36986

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS5.2AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40779

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.28 views

CVE-2026-40779 WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.19 views

CVE-2026-40779

CVE-2026-40779 affects the WordPress WordPress Link Library plugin, version

7.7CVSS5.2AI score0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49421

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

7.7CVSS5.2AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 1:30 p.m.14 views

CVE-2026-11967 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 1:30 p.m.30 views

CVE-2026-11967 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:29 p.m.13 views

EUVD-2026-36425

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48864

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.13 views

CVE-2026-45635

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.17 views

CVE-2026-45592

Integer overflow or wraparound in Windows Internet wininet.dll allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00286EPSS
Exploits0References1
Rows per page
Query Builder