49 matches found
CVE-2026-40342
Summary: Firebird prior to versions 5.0.4, 4.0.7, and 3.0.14 is vulnerable to a path-traversal in the external engine plugin loader. An authenticated user with CREATE FUNCTION privileges can supply an ENGINE name that is concatenated into a filesystem path without filtering path separators or .. ...
CVE-2026-2040 PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2020-7224
The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load...
NREL BEopt Code Issue Vulnerability
NREL BEopt is a residential building energy efficiency program calculator from the NREL organization in the United States. A code issue vulnerability exists in NREL BEopt version 2.8.0.0, which stems from an insecure library load that could lead to a DLL hijacking attack...
Eaton UPS Companion Security Vulnerability
Eaton UPS Companion is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton UPS Companion, which stems from an insecure library load and could lead to the execution of arbitrary code by an attacker with access to the software package...
MailEnable Code Issue Vulnerability
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
EUVD-2025-106751
A vulnerability has been identified in Altair Grid Engine All versions V2026.0.0. Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary...
Revenera InstallShield Security Vulnerability
Revenera InstallShield (Flexera InstallShield) is a development package from Revenera Inc. for building Windows installers and MSIX packages. A security vulnerability exists in Revenera InstallShield version 2023 R1, which stems from MPR.dll being loaded from an insecure location, which could lead ...
PT-2025-44308
Name of the Vulnerable Software and Affected Versions: Revenera InstallShield versions prior to 2023 R2 Description: A privilege escalation issue exists in Revenera InstallShield version 2023 R1 when running a renamed Setup.exe on Windows. If a local administrator executes a renamed Setup.exe, the...
CVE-2025-57781
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
EUVD-2025-26462
Malicious code in bioql PyPI...
CVE-2025-9330
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on th...
CVE-2025-9330 Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on th...
CVE-2021-22645
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll fro...
CVE-2024-23681 Artemis Java Test Sandbox Library Load Escape
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...
PT-2023-7087 · Ashlar Vellum · Ashlar-Vellum Lithium
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Lithium affected versions not specified Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this...
PT-2023-36016 · Wasmedge · Wasmedge
Name of the Vulnerable Software and Affected Versions: WasmEdge affected versions not specified Description: A crash issue has been identified in WasmEdge. The crash occurs in the WasmEdge::Loader::SharedLibrary::load function, which is called by WasmEdge::Loader::Loader::loadModule and...
CVE-2022-28687
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Google Chrome 109.0.5414.74 Unsafe Library Load Vulnerability
Google Chrome version 109.0.5414.74 on Ubuntu attempts to load libnssckbi.so from a user-writable location and if missing, a replacement piece of malware can be used by an attacker to achieve code execution. Although privilege escalation is not likely as an attacker would already need access to t...