JLSEC-2026-68

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

NewStart CGSL MAIN 6.06 (SP) : openssh Vulnerability (NS-SA-2026-0030)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by a vulnerability: - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to a...

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

Notepad++ < 8.9.2 Unsafe Search Path (GHSA-rjvm-fcxw-2jxq)

The version of Notepad++ installed on the remote host is prior to 8.9.2. It is, therefore, affected by a vulnerability: - An Unsafe Search Path vulnerability CWE-426 exists when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if...

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

PT-2026-20553

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.2 Description Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue CWE-426 exists when launching Windows Explorer without an absolute executable path. This could allow execution of...

EUVD-2025-202184

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the...

EUVD-2025-200373

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

EUVD-2021-19432

Malware in sbrugna...

EUVD-2019-15164

Malware in sbrugna...

Salesforce CLI 安全漏洞

Salesforce CLI is a command line tool from Salesforce, Inc. that interacts with the Salesforce platform. A security vulnerability exists in Salesforce CLI versions prior to 2.106.6 that stems from an uncontrolled search path element that could lead to the replacement of trusted executables...

CVE-2020-9287

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that...

CVE-2023-44439

Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit...

openssh: Remote code execution in ssh-agent PKCS#11 support

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

openssh: Remote code execution in ssh-agent PKCS#11 support

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

AZL-27651 CVE-2023-38408 affecting package openssh for versions less than 8.9p1-1

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

ALPINE-CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

Intel NUC Pro Software Suite 代码问题漏洞

Intel NUC Pro Software Suite is an application from Intel Corporation USA. A security vulnerability exists in Intel NUC Pro Software Suite versions prior to 2.0.0.3, which stems from the presence of an uncontrolled search path that could allow an authenticated user to potentially enable privilege...

SUSE CVE-2020-14350

It was found that some PostgreSQL extensions did not use searchpath safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affect...