63 matches found
SUSE CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
PT-2026-33184
Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...
CVE-2026-22561
Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...
FileFlows 安全漏洞
FileFlows is an open-source, self-hosted file processing system developed by FileFlows. Versions of FileFlows prior to 25.05.2 contained security vulnerabilities. These vulnerabilities stemmed from the SQL injection vulnerability in the library file search function, which could lead to privilege...
CVE-2025-15585
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...
CVE-2025-15585
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration...
PT-2025-48402
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
EUVD-2001-0895
Malware in sbrugna...
CVE-2025-57781
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer...
CVE-2025-30075
CVE-2025-30075 affects Alludo MindManager on Windows prior to 25.0.208. An attacker who can write DLL files to directories within the victim’s DLL search paths could achieve code execution as a local user. Root cause is DLL writing in search paths enabling arbitrary code execution under local pri...
MindManager Windows 安全漏洞
MindManager Windows is a mind mapping tool from the US-based MindManager Inc. A security vulnerability exists in MindManager Windows versions prior to 25.0.208, which stems from a vulnerability that allows an attacker to write a DLL file to the victim's DLL search path, potentially leading to cod...
The vulnerability of the StorSvc storage service in the Windows operating system allows a hacker to escalate their privileges.
The vulnerability of the StorSvc storage service in the Windows operating system arises due to deficiencies in the mechanism for searching dynamic libraries. Exploiting this vulnerability can allow an attacker to increase their privileges by introducing a DLL library during software installation...
The vulnerability of Dell Container Storage Modules lies in their uncontrolled DLL search path, which allows an attacker to execute arbitrary code.
The vulnerability of the Dell Container Storage Modules relates to an uncontrolled DLL search process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SUSE CVE-2022-22736
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation...
PT-2023-15288 · Unknown · Pandora Fms Console
Name of the Vulnerable Software and Affected Versions: Pandora FMS Console versions prior to v767 Description: The issue arises from a Reflected Cross Site Scripting vulnerability in the Search Functionality of the Module Library. This vulnerability is triggered by the forget password...
The vulnerability of the Fortinet FortiClient for Windows installer and the FortiClient Enterprise Management Server (EMS) allows a perpetrator to execute arbitrary code.
The vulnerability of the Fortinet FortiClient for Windows installer and the FortiClient Enterprise Management Server EMS is related to an uncontrolled DLL search process. Exploiting this vulnerability allows a attacker to execute arbitrary code using a specially crafted DLL library...
The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to an uncontrolled DLL search process. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
AttacheCase may insecurely load Dynamic Link Libraries
Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...
CVE-2021-4007
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is...
The vulnerability of the Adobe Creative Cloud Desktop Application’s graphic editor app relates to an insecure process for searching DLL libraries. This vulnerability allows attackers to escalate their privileges.
The vulnerability of the Adobe Creative Cloud Desktop Application’s graphic editor relates to a non-safe method of searching for DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...