
33 matches found

Vulnrichment
added 2026/03/31 3:30 p.m. · 1 views

CVE-2026-22561

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code...

4.7 CVSS · 6.4 AI score · 0.00005 EPSS
Exploits 0 · References 1
OSV
added 2026/02/24 3:16 a.m. · 1 views

CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer...

7.1 CVSS · 5.9 AI score
Exploits 0 · References 1
CVE
added 2026/02/24 2:31 a.m. · 6 views

CVE-2026-3091

The CVE-2026-3091 entry covers an Uncontrolled Search Path Element vulnerability in Synology Presto Client prior to 2.1.3-0672. The issue allows local users to read or write arbitrary files and can cause denial of service during installation by placing a malicious DLL in the same directory as the...

7.3 CVSS · 5.9 AI score · 0.00006 EPSS
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2026/02/24 2:31 a.m. · 3 views

CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer...

7.1 CVSS · 5.9 AI score · 0.00006 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-22279

Malicious code in bioql PyPI...

7.8 CVSS · 6.6 AI score · 0.00113 EPSS
Exploits 0 · References 1
Cvelist
added 2025/09/26 12:27 p.m. · 5 views

CVE-2025-9267

In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in the same directory ...

7 CVSS · 0.00027 EPSS
Exploits 0 · References 2
CVE
added 2025/07/23 1:50 p.m. · 15 views

CVE-2018-25114

OSCommerce Online Merchant 2.3.4.1: Remote code execution via insecure installer workflow. Unauthenticated attackers can access the install_4.php endpoint in an accessible /install/ directory and inject PHP code into configure.php, which is executed when included by the app. Affected component: ...

9.3 CVSS · 7.8 AI score · 0.78786 EPSS
In wild · Exploits 0 · References 4
OSV
added 2025/06/19 2:15 p.m. · 0 views

CVE-2024-24916

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin)...

7.8 CVSS · 6.2 AI score
Exploits 0 · References 1
NVD
added 2025/06/19 2:15 p.m. · 4 views

CVE-2024-24916

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin)...

7.8 CVSS · 0.00113 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/06/19 1:17 p.m. · 3 views

CVE-2024-24916 DLL-HiJacking

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin)...

6.5 CVSS · 8 AI score · 0.00113 EPSS
Exploits 0 · References 1
CNNVD
added 2025/06/19 12:00 a.m. · 1 views

Check Point SmartConsole security vulnerability

Check Point SmartConsole is a graphical user interface for centralized management of Check Point security products from Check Point Israel. A security vulnerability exists in Check Point SmartConsole versions R81.10 and R81.20 that originates from an untrusted DLL in the installer directory that...

7.8 CVSS · 7.2 AI score · 0.00113 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 5:27 a.m. · 3 views

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...

9.8 CVSS · 8 AI score · 0.00838 EPSS
Exploits 1 · References 1
OSV
added 2023/07/27 10:15 p.m. · 0 views

CVE-2022-43702

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify or replace the installer to execute malicious code...

7.8 CVSS · 5.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/07/27 12:00 a.m. · 1 views

PT-2023-14294 · Arm · Arm Compiler 5 (Ac5) +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when the directory containing the installer lacks sufficiently restrictive file permissions, allowing an attacker to modify or replace...

7.8 CVSS · 7.6 AI score · 0.00045 EPSS
Exploits 0 · References 6
CNNVD
added 2022/07/25 12:00 a.m. · 2 views

Open Source Social Network code issue vulnerability

Open Source Social Network (OSSN) is an open source social network engine from the Swiss OSSN team. A code issue exists in Open Source Social Network v6.3 LTS that allows an attacker to upload arbitrary files to the /ossn/administrator/cominstaller directory to execute arbitrary commands using carefully...

7.2 CVSS · 7.7 AI score · 0.02221 EPSS
Exploits 1 · References 5
CNVD
added 2022/04/08 12:00 a.m. · 16 views

Fortinet FortiClient for Windows privilege escalation vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. executable file in the FortiClient installer...

8.8 CVSS · 4.1 AI score · 0.00113 EPSS
Exploits 0 · References 1
CNNVD
added 2022/04/06 12:00 a.m. · 1 views

Fortinet FortiClient security vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. executable file in the FortiClient installer...

8.8 CVSS · 5.5 AI score · 0.00113 EPSS
Exploits 0 · References 5
Zero Day Initiative
added 2021/08/03 12:00 a.m. · 29 views

Microsoft Edge Installer Directory Junction Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Edge. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Edge Installer. By...

7 CVSS · 4.8 AI score · 0.01312 EPSS
Exploits 0 · References 1
OSV
added 2021/03/25 4:15 p.m. · 1 views

CVE-2020-6788

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in...

7.8 CVSS · 6.1 AI score
Exploits 0 · References 1
OSV
added 2020/03/15 10:15 p.m. · 0 views

CVE-2020-9287

An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that...

7.8 CVSS · 7.4 AI score
Exploits 0 · References 1