Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboardconfigure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...
CVE-2026-44211
CVE-2026-44211 describes a cross-origin WebSocket hijacking vulnerability in Cline Kanban Server. Three endpoints exposed without Origin validation (ws://127.0.0.1:3484/api/runtime/ws, /api/terminal/io, /api/terminal/control) allow a malicious site to connect from any origin. Potential impacts do...
Starlet environment issue vulnerability
Starlet is a high-performance HTTP/1.1 pre-fork web server developed by Kazuho Oku. Versions of Starlet prior to 0.31 contained an environmental vulnerability. This vulnerability stemmed from prioritizing the Content-Length header over the Transfer-Encoding header, which could lead to HTTP reques...
CVE-2026-25852
Local privilege escalation via DLL hijacking in Acronis DeviceLock DLP (Windows) prior to build 9.0.93212. Root cause: DLL hijacking. Impact: local elevation of privileges. Remediation: upgrade to build 9.0.93212 or newer. Exploitation details not provided in the supplied documents.
eMPIA AVACAST code issue vulnerability
eMPIA AVACAST is a USB video capture and encoding device developed by eMPIA in Taiwan, China. eMPIA AVACAST has a code vulnerability that stems from DLL hijacking. This vulnerability allows authenticated local attackers to place malicious DLLs in specific directories. When the system loads these...
CVE-2026-1636
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges...
BIT-NATS-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, sessions and messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
GO-2026-4833 NATS is vulnerable to MQTT hijacking via Client ID in github.com/nats-io/nats-server
NATS is vulnerable to MQTT hijacking via Client ID in github.com/nats-io/nats-server...
CVE-2026-2998
The CVE-2026-2998 entry concerns the ERP product developed by eAI Technologies and describes a DLL Hijacking vulnerability. According to the provided documents, an authenticated local attacker can place a crafted DLL file in the same directory as the ERP executable, leading to arbitrary code exec...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-52541
A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-48503
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution...
EUVD-2025-206456
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
Broadcom Symantec Endpoint Protection Windows Agent security vulnerabilities
Broadcom Symantec Endpoint Protection Windows Agent is a client component of the endpoint security solution provided by Broadcom Corporation. There is a security vulnerability in Broadcom Symantec Endpoint Protection Windows Agent, which stems from a COM hijacking issue. This vulnerability could...
CVE-2020-24159
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0...
EUVD-2026-1684
A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file...
CVE-2025-66715
Axtion ODISSAAS ODIS v1.8.4 is affected by a DLL hijacking vulnerability. The issue enables arbitrary code execution via a crafted DLL file, due to a hijacking flaw in the application’s DLL loading behavior. The most concrete remediation note in the provided connected document is to update ODISSA...
CVE-2025-1729
A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges...
CVE-2025-1700
A DLL hijacking vulnerability was reported in the Motorola Software Fix Rescue and Smart Assistant installer that could allow a local attacker to escalate privileges during installation of the software...