CVE-2025-54906

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2025-54899

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2025-55224

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to execute code locally...

CVE-2025-55228

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to execute code locally...

CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, versions 19.19 and 19.20, contains an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, versions 19.19 and 19.20, contains an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, versions 19.19 and 19.20, contains an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, versions 19.19 and 19.20, contains an Incorrect Default Permissions vulnerability. The root cause is misconfigured permissions that a low-privileged local attacker could abuse to execute code. Impact is consistent with a local, high-privi...

CVE-2025-10214

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...

CVE-2025-10215

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to...

CVE-2025-10214

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...

CVE-2025-10213

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-10213

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-10215

CVE-2025-10215 affects UPDF.exe for Windows 1.8.5.0. The issue is DLL search path hijacking: an attacker with local access can place a malicious FREngine.dll in C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\ and trigger arbitrary code execution (and persistence). Several connected sources con...

CVE-2025-10215 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to...

CVE-2025-10214

CVE-2025-10214 is a DLL search path hijacking vulnerability in UPDF.exe for Windows 1.8.5.0. An attacker with local access can achieve arbitrary code execution by placing a malicious FREngine.dll in the directory C:\Users\AppData\Local\UPDF\FREngine\Bin64, enabling persistence. Descriptions from ...

CVE-2025-10214 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...

CVE-2025-10214 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...

CVE-2025-10213

CVE-2025-10213 is a DLL search path hijacking vulnerability affecting UPDF.exe on Windows (version 1.8.5.0). An attacker with local access can cause arbitrary code execution and persistence by placing a crafted dxtn.dll in the path C:\Users\AppData\Local\Microsoft\WindowsApps, exploiting the Wind...

CVE-2025-40979

CVE-2025-40979 describes a DLL search order hijack in Grandstream Wave’s wave.exe on Windows 11 (v1.27.8). The root cause is improper DLL loading order, allowing a locally attacker-controlled file placed in the user Temp directory (C:\Users\AppData\Local\Temp) to potentially execute arbitrary cod...