CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

Notepad++ Plugin Persistence

This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use exploit/windows/persistence/notepadppplugin msf...

CVE-2020-7474

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator v1.002 and prior, for the PMEPXM0100 H module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL...

CVE-2020-10626

In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code...

CVE-2019-16861

Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library DLL. The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated...

CVE-2024-2658

A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 11.19.6.0 allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted...

CVE-2025-59485

Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...

CVE-2025-59485

Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...

PT-2025-48023

Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...

EUVD-2018-17017

Malware in sbrugna...

EUVD-2019-2685

Malware in sbrugna...

EUVD-2019-16379

Malware in sbrugna...

EUVD-2020-5789

Malware in sbrugna...

EUVD-2018-18415

Malware in sbrugna...

EUVD-2019-8650

Malware in sbrugna...

EUVD-2020-28599

Malware in sbrugna...

EUVD-2021-21256

Malware in sbrugna...

EUVD-2025-18256

Malicious code in bioql PyPI...

EUVD-2025-3730

Malicious code in bioql PyPI...

CVE-2013-10046

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting ...