Lucene search
K

1544 matches found

NVD
NVD
added yesterday7 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS6.5AI score
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/23 12:0 a.m.5 views

CVE-2026-39253

CVE-2026-39253 affects Pivotal CRM v6.6.04.08. The vulnerability enables a remote attacker to execute arbitrary code via the components Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll , caused by insecure deserialization (CWE-502). The CVSSv3.1 base score is 8.1 (HIGH) w...

8.1CVSS6.3AI score0.00805EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 7:39 p.m.7 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 7:39 p.m.10 views

EUVD-2026-37940

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 7:39 p.m.18 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 1:30 p.m.10 views

CVE-2026-11967 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 1:30 p.m.26 views

CVE-2026-11967 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 1:29 p.m.9 views

EUVD-2026-36425

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 1:29 p.m.27 views

CVE-2026-11879 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

8.5CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 1:29 p.m.28 views

CVE-2026-11879

MobaXterm Personal Edition (Portable) 26.3 (Build 5154) is affected by arbitrary code execution due to DLL loading from a user-modifiable, predictable temporary directory during startup, before the system secure paths are consulted. An attacker with local access can place a crafted DLL in that lo...

8.5CVSS6AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.9 views

PT-2026-48864

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS6AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.12 views

CVE-2026-45635

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.15 views

CVE-2026-45592

Integer overflow or wraparound in Windows Internet wininet.dll allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00286EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.16 views

Windows UPnP Device Host Remote Code Execution Vulnerability

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/09 5:7 a.m.7 views

CamView installer insecurely loads Dynamic Link Libraries

Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...

9.3CVSS7.7AI score0.01525EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2022-49042

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.13 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS7.4AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-50033

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.2AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.7 views

CVE-2026-28704

Emocheck insecurely loads Dynamic Link Libraries DLLs. If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck...

8.4CVSS7.4AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder