413 matches found
EUVD-2025-31342
Malicious code in bioql PyPI...
EUVD-2025-21003
Malicious code in bioql PyPI...
sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
...
CVE-2025-9267
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...
CVE-2025-9267
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...
CVE-2025-9267
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...
PT-2025-39638
Name of the Vulnerable Software and Affected Versions Seagate Toolkit versions prior to 2.35.0.6 Description The software attempts to load DLLs from the current working directory without validating their origin or integrity. This can be exploited by placing a malicious DLL in the same directory a...
CVE-2025-47906 Unexpected paths returned from LookPath in os/exec
If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
...
Linux Distros Unpatched Vulnerability : CVE-2021-21237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file ...
Linux Distros Unpatched Vulnerability : CVE-2025-30673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can...
Linux Distros Unpatched Vulnerability : CVE-2023-40590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after...
SUSE CVE-2025-46334
Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...
SUSE-SU-2025:02051-1 Security update for perl
This update for perl fixes the following issues: - CVE-2025-40909: do not change the current directory when cloning an open directory handle bsc1244079...
CVE-2010-5259
Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow local users to gain privileges via a Trojan horse 1 wnaspi32.dll or 2 ntaspi32.dll file in the current working directory, as demonstrated by a directory that contains a .img file. NOTE: the provenance of this information is...
CVE-2010-5223
Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse 1 wbtrv32.dll or 2 w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are...
CVE-2010-5219
Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .txt, .html, or .mpg file. NOTE: some of these details are obtained from third party...
Ensure That the PATH User Variable Is Strictly Defined
In Linux, the PATH variable defines the path for searching for executable files in the user context of the current user. For example, if a user runs the ls command in any directory, the system searches for the ls command in the directories specified by PATH and executes the command. The PATH...
DEBIAN-CVE-2025-30673
Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...
UBUNTU-CVE-2025-30673
Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...