MailEnableMailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14405)

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

Siemens SIMATIC S7-1500 Uncontrolled Search Path Element (CVE-2020-8315)

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. This...

Exploit for CVE-2025-11174

CVE-2025-11174: Unauthenticated Information Disclosure in Word...

CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

July 8, 2025-KB5062064 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

July 8, 2025-KB5062064 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016 Release Date: July 8, 2025 Version: .NET Framework 4.8 The July 8, 2025 update for Windows 10, version 1607 and Windows Server 2016 includes security and cumulative reliability...

ClipShare 代码问题漏洞

ClipShare is a cross-device shared clipboard by Thevindu Wijesekera Individual Developer. A code issue vulnerability exists in ClipShare versions prior to 3.8.5, which stems from a DLL being loaded in the wrong order, and may result in local elevation of privilege...

CVE-2024-12530 Insecure Dynamic-Link Library (DLL) Load vulnerability

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...

CVE-2024-40721

The CVE-2024-40721 entry concerns an improper server-side input validation in the API of the TCBServiSign Windows Version from CHANGING Information Technology . The flaw allows unauthenticated remote attackers to trigger loading a DLL from an arbitrary path when a user visits a spoofed website, i...

Exploit for CVE-2024-34329

CVE-2024-34329 Tested Product: Datacard XPS Card Printer Drive...

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

SUSE CVE-2020-8315

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

PT-2022-6501 · Schneider Electric · Ecostruxure Operator Terminal Expert +1

Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions V3.3 Hotfix 1 or prior Pro-face BLUE versions V3.3 Hotfix 1 or prior Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path...

CVE-2022-30700

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

Python 3.6.x < 3.6.11, 3.7.x < 3.7.7, 3.8.x < 3.8.2 Python Issue (bpo-39401) - Windows

Python CPython on Windows 7 is prone to an uncontrolled search path vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Metasploit Wrap-up

PrintNightmare Rapid7 security researchers Christophe De La Fuente, and Spencer McIntyre, have added a new module for CVE-2021-34527, dubbed PrintNightmare. This module builds upon the research of Xuefeng Li, Zhang Yunhai, Zhiniang Peng, Zhipeng Huo, and cube0x0. The module triggers a remote DLL...

CVE-2020-6787

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same...

CVE-2020-6014

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point...

Patchless AMSI bypass using SharpBlock

Introduction For those that followed my personal blog posts on Creating an EDR and Bypassing It, I developed a new tool called SharpBlock. The tool implements a Windows debugger to prevent EDR’s or any other DLL from loading into a process that SharpBlock launches. One feature that was missing fr...

CVE-2020-7490

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic V1.1 HotFix 15 and prior and Vijeo Designer V6.9 SP9 and prior, which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product...