Lucene search
K

1004 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42165

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS6.1AI score0.00134EPSS
Exploits0References2
OSV
OSV
added 6 days ago5 views

PYSEC-2026-1152 Apache Airflow ODBC Provider Argument Injection vulnerability

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

7.8CVSS7.2AI score0.0075EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 9:16 p.m.8 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

7.8CVSS0.00149EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.35 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

0.00149EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55312

Name of the Vulnerable Software and Affected Versions Notepad3 versions prior to 6.25.822.2 Description A DLL search-order hijacking issue exists in the About-dialog code path within src/Notepad3.c. The application uses the LoadLibrary function to load MSFTEDIT.DLL using a bare name. This allows ...

7.8CVSS6.5AI score0.00149EPSS
Exploits1References6
Securelist
Securelist
added 2026/07/01 10:0 a.m.24 views

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/06/30 1:9 a.m.7 views

EUVD-2026-40241

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 4:12 p.m.10 views

CVE-2025-13162

The vulnerability CVE-2025-13162 affects ABB Control Builder A and ABB 800xA for Advant Master (up to specified versions). It is an Uncontrolled Search Path Element issue. The available documents provide affected products and version ranges but do not include explicit root-cause details, exploit ...

4.4CVSS5.8AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:30 p.m.10 views

EUVD-2026-36426

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:30 p.m.30 views

CVE-2026-11967

CVE-2026-11967 affects MobaXterm Personal Edition (Portable) version 26.3 (Build 5154). The root cause is the application loading winspool.drv from the same directory as the portable executable during startup, allowing an attacker with local access to place a crafted DLL alongside the executable ...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS6.2AI score0.00151EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.11 views

EUVD-2026-35447

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

6.2AI score0.00151EPSS
Exploits1References2
NVD
NVD
added 2026/06/09 4:16 p.m.14 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

7.8CVSS0.00151EPSS
Exploits1References1
CVE
CVE
added 2026/06/09 2:47 p.m.27 views

CVE-2026-24064

Waves Central for macOS (versions 13.0.9–16.5.5) contains a local privilege escalation due to a trusted XPC client component signed with hardened runtime entitlements that allows dynamic library injection via DYLD_INSERT_LIBRARIES. An attacker can inject code into the trusted process at launch, w...

7.8CVSS6.2AI score0.00151EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:47 p.m.9 views

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

6.2AI score0.00151EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/09 2:47 p.m.35 views

CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

0.00151EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/07 2:30 a.m.33 views

CVE-2026-11450 GL.iNet GL-MT3000 Path Normalization dlopen command injection

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS0.01572EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44406

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since...

7.8CVSS5.7AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.15 views

CVE-2026-7279

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL...

8.5CVSS6.2AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-28704

Emocheck insecurely loads Dynamic Link Libraries DLLs. If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck...

8.4CVSS7.4AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder