CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

CVE-2026-34488

Technical details beyond the high-level description are not publicly available in the provided documents. Monitor for updates from the listed references for affected products, vulnerable components, and remediation guidance.

CVE-2026-40947

Affected software components are Yubico libfido2 (before 1.17.0), python-fido2 (before 2.2.0), and yubikey-manager (before 5.9.1). The issue is an unintended DLL search path, as described in CVE-2026-40947. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N, with a base score of 2.9 ...

EUVD-2026-8835

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

CVE-2026-25191

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

PT-2026-22123

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

CVE-2026-26050

The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries

Overview The installer of M-Track Duo HD provided by M-Audio contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-25676 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc...

CVE-2026-21408

beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges...

CVE-2026-21408

The CVE-2026-21408 issue affects beat-access for Windows 3.0.3 and earlier, due to an insecure DLL search path (Uncontrolled search path element, CWE-427) that may cause loading of DLLs leading to arbitrary code execution with SYSTEM privileges. Documented impact is arbitrary code execution with ...

CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

CVE-2026-21427

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer...

CVE-2026-21427

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer...

YSA-2026-01 | Yubico

Security updates which resolve a DLL search path vulnerability on Windows are available for three Yubico open source software projects: libfido2, YubiKey Manager, and python-fido2. If an attacker is able to place a malicious file in the directory where the affected software or Python is installed...

CVE-2025-64772

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...

CVE-2025-64772

CVE-2025-64772 affects Sony INZONE Hub installer versions 1.0.10.3–1.0.17.0. Root cause: an insecure DLL search path in the installer allowing loading of unintended DLLs, enabling arbitrary code to run with the invoking user’s privileges. CVSS data indicates local access with low attack complexit...

Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries

Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...

CVE-2025-62776

The installer of WTW EAGLE for Windows 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

WTW EAGLE 代码问题漏洞

WTW EAGLE is a companion program for wirelessly connected cameras from WTW Argentina. A code issue vulnerability exists in WTW EAGLE version 3.0.8.0, which stems from a DLL search path issue that could lead to the execution of arbitrary code...