CVE-2026-6788

Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000...

CVE-2026-6788

Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000...

Johnson Controls AC2000 代码问题漏洞

Johnson Controls AC2000 is an enterprise-level access control and security management system developed by Johnson Controls. There is a code vulnerability in Johnson Controls AC2000, which stems from uncontrolled search path elements, potentially allowing the search path in configuration files to ...

EUVD-2026-23017

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the...

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...

PT-2026-23987

Name of the Vulnerable Software and Affected Versions UltraVNC version 1.6.4.0 Description A weakness exists in UltraVNC 1.6.4.0 on Windows. The issue affects an unknown function within the cryptbase.dll library of the Windows Service component, leading to an uncontrolled search path. Local acces...

CVE-2025-71178

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

CVE-2025-71178 Crucial Storage Executive < 11.08.082025.00 Installer DLL Preloading LPE

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

Altera Quartus Prime Standard和Altera Quartus Prime Lite 安全漏洞

Altera Quartus Prime Standard and Altera Quartus Prime Lite are FPGA design software from Altera Corporation. A security vulnerability exists in Altera Quartus Prime Standard and Altera Quartus Prime Lite that stems from the presence of uncontrolled search path elements in the Windows installer,...

CVE-2025-5470

Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275...

Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2019-5443)

A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl engine on invocation. If that curl is invoked by a privileged user it can do anything it wants. This plugin only...

CVE-2025-61161

DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path C:\ProgramData\Evope. This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that...

PT-2025-44303

Name of the Vulnerable Software and Affected Versions Evope Collector version 1.1.6.9.0 Description A DLL hijacking issue exists in Evope Collector. The software loads the wtsapi32.dll library from an uncontrolled search path, specifically C:ProgramDataEvope. This allows a local, unprivileged...

CVE-2025-61161

DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path C:\ProgramData\Evope. This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that...

RSUPPORT RemoteCall Remote Support Program 代码问题漏洞

RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.3.0, which stems from an uncontrolled search path element that could lead to the executi...

EUVD-2021-1138

Malware in sbrugna...

EUVD-2018-17227

Malware in sbrugna...

CVE-2025-9844

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6...

CVE-2025-9844

CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows.Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable.Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...