CVE-2025-69784

OpenEDR kernel driver 2.5.1.0 is affected by CVE-2025-69784. A local, non-privileged attacker can abuse a vulnerable IOCTL interface to modify the DLL injection path to a user-writable location, causing the product to load an attacker‑controlled DLL into high‑privilege processes. This yields arbi...

CVE-2026-26050

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVE-2026-2538 Flos Freeware Notepad2 Msimg32.dll uncontrolled search path

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...

curl: Security hardening: missing integer overflow check in curl_load_library()

Summary A missing integer overflow check was identified in lib/systemwin32.c::curlloadlibrary when calculating the buffer size for a DLL path. On 32-bit Windows builds, the unchecked size calculation can wrap around, resulting in an undersized heap allocation followed by unbounded string copies v...

EUVD-2025-27532

Malicious code in bioql PyPI...

EUVD-2022-49147

Malicious code in bioql PyPI...

CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077-EXP 基于伪代码https://sites.google.com/site/zhin...

CVE-2023-36344

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...

CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system...

PT-2023-21942 · Veritas · Veritas Netbackup

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.0 Description: A vulnerability exists in the way the client validates the path to a DLL prior to loading, which may allow a lower-level user to elevate privileges and compromise the system...

CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system...

Veritas Technologies Veritas NetBackup 代码问题漏洞

Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A code issue vulnerability exists in Veritas Technologies Veritas NetBackup versions prior to 10.0, which stems from a flaw in the way DLL paths are verified prior...

Duplicate Advisory: Kerberos for NodeJS allows DLL Injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m2mx-rfpw-jghv. This link is maintained to preserve external references. Original Description The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection ...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. Th...

CVE-2019-8461

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with...

PT-2019-17996 · Lenovo +1 · Paperdisplay Hotkey Service +1

Name of the Vulnerable Software and Affected Versions: PaperDisplay Hotkey Service version 1.2.0.8 Description: A DLL search path issue was reported that could allow privilege escalation. The software's functionality is superseded by the Night light feature in Windows 10 Build 1703 and later...

Firefox < 23.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...

Firefox ESR 17.x < 17.0.8 Multiple Vulnerabilities

The installed version of Firefox ESR 17.x is earlier than 17.0.8, and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701 - Errors exist related to the update service and 'maintenanceservice.exe...

Microsoft Windows GDI Multiple Vulnerabilities (925902)

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service persistent reboot via a large length value in the second or later anih block of a RIFF .ANI, cur, or .ico file, which...