CVE-2026-32679

The installers of LiveOn Meet Client for Windows Downloader5Installer.exe and Downloader5InstallerForAdmin.exe and the installers of Canon Network Camera Plugin CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe insecurely load Dynamic Link Libraries DLLs. If a malicious DLL is placed at the...

CVE-2026-32679

The installers of LiveOn Meet Client for Windows Downloader5Installer.exe and Downloader5InstallerForAdmin.exe and the installers of Canon Network Camera Plugin CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe insecurely load Dynamic Link Libraries DLLs. If a malicious DLL is placed at the...

CVE-2026-32679

The installers of LiveOn Meet Client for Windows Downloader5Installer.exe and Downloader5InstallerForAdmin.exe and the installers of Canon Network Camera Plugin CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe insecurely load Dynamic Link Libraries DLLs. If a malicious DLL is placed at the...

Japan Media Systems LiveOn Meet Client和Canon Network Camera Plugin 代码问题漏洞

Japan Media Systems LiveOn Meet Client and Canon Network Camera Plugin are both products of Japan Media Systems, a company based in Japan. Japan Media Systems LiveOn Meet Client is a client application that supports online meetings, real-time audio and video communication, and collaboration. The...

i-PRO IP Setting Software 代码问题漏洞

i-PRO IP Setting Software is a management tool developed by the Japanese company i-PRO, designed for discovering devices and configuring network parameters in bulk. The i-PRO IP Setting Software has a code vulnerability related to the DLL search path. This vulnerability may lead to the insecure...

PT-2026-34644

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...

PT-2026-34642

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works...

Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries

Overview LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-32679 This...

EUVD-2026-22837

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

Mobatek MobaXterm 安全漏洞

Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...

EUVD-2026-23135

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVE-2026-1636

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges...

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer , using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVE-2026-5397

The CVE-2026-5397 entry describes an Uncontrolled Search Path Element (CWE-427) in a UPS management application. It states that improper permissions on the installation directory allow a malicious DLL to be placed there and executed with administrator privileges because the product loads missing ...