CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS

Exploits0References1

OSV•added 2026/04/09 9:32 p.m.•7 views

JLSEC-2026-68

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

9.8CVSS7.5AI score0.76768EPSS

Exploits10References40

Tenable Nessus•added 2026/03/06 12:0 a.m.•5 views

NewStart CGSL MAIN 6.06 (SP) : openssh Vulnerability (NS-SA-2026-0030)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by a vulnerability: - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to a...

9.8CVSS7.8AI score0.76768EPSS

Exploits13References3

RedhatCVE•added 2026/02/20 1:22 a.m.•2 views

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS6.5AI score0.00248EPSS

Exploits1References1

Tenable Nessus•added 2026/02/20 12:0 a.m.•33 views

Notepad++ < 8.9.2 Unsafe Search Path (GHSA-rjvm-fcxw-2jxq)

The version of Notepad++ installed on the remote host is prior to 8.9.2. It is, therefore, affected by a vulnerability: - An Unsafe Search Path vulnerability CWE-426 exists when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if...

7.3CVSS9.2AI score0.00248EPSS

Exploits1References2

NVD•added 2026/02/19 12:16 a.m.•4 views

CVE-2026-25926

7.3CVSS0.00248EPSS

Exploits1References3

The Hacker News•added 2026/02/18 7:40 a.m.•22 views

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

7.7CVSS7.1AI score0.01268EPSS

Exploits1

Positive Technologies•added 2026/02/16 12:0 a.m.•5 views

PT-2026-20553

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.2 Description Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue CWE-426 exists when launching Windows Explorer without an absolute executable path. This could allow execution of...

7.3CVSS6.6AI score0.00248EPSS

Exploits1References14

RedhatCVE•added 2026/01/22 5:35 a.m.•2 views

CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

6.7CVSS5.7AI score0.00156EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:29 a.m.•6 views

CVE-2019-12569

A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...

9.3CVSS7.5AI score0.15041EPSS

Exploits0References1

OSV•added 2025/12/10 4:16 p.m.•0 views

CVE-2025-34417

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

7.8CVSS6.2AI score

Exploits0References3

EUVD•added 2025/12/09 6:11 p.m.•3 views

EUVD-2025-202184

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

8.5CVSS7.1AI score0.00158EPSS

Exploits0References4

EUVD•added 2025/12/02 9:49 p.m.•2 views

EUVD-2025-200373

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

7.8CVSS6.9AI score0.00431EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-10193

Malware in sbrugna...

9.3CVSS7.8AI score0.46891EPSS

Exploits4References3

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2019-15164

Malware in sbrugna...

9.3CVSS7.7AI score0.02613EPSS

Exploits0References2