Lucene search
K

8713 matches found

CVE
CVE
added yesterday5 views

CVE-2026-48363

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Sco...

8.2CVSS6.5AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-48364

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Sco...

8.2CVSS6.5AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-15515

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS0.00116EPSS
Exploits0References5
CVE
CVE
added yesterday14 views

CVE-2026-15515

The CVE-2026-15515 entry concerns Tencent PC Manager (version 18.1.30242.301) and its QMUDisk Driver component, specifically the qmudisk64.sys library. The vulnerability is described as an uncontrolled search path issue in the QMUDisk Driver, exploitable only via a local attack. The description n...

7.3CVSS6.3AI score0.00116EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-56437

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-56437

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS0.00134EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42165

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS6.1AI score0.00134EPSS
Exploits0References2
CVE
CVE
added 6 days ago8 views

CVE-2026-56437

The CVE-2026-56437 issue affects Pupsman versions prior to 3.9.0. An Uncontrolled search path element allows arbitrary code execution with SYSTEM privileges if a crafted DLL is placed in the same folder as the affected installer and the installer is executed. No exploitation details or fixes are ...

8.4CVSS7.2AI score0.00134EPSS
Exploits0References2
OSV
OSV
added last week5 views

PYSEC-2026-1477 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Impact On Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected...

7.3CVSS7.1AI score0.00154EPSS
Exploits0References6
NVD
NVD
added 2026/07/06 11:16 a.m.9 views

CVE-2026-6901

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 10:1 a.m.35 views

CVE-2026-6901 Untrusted Search Path

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 10:1 a.m.7 views

EUVD-2026-41870

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 10:1 a.m.7 views

CVE-2026-6901

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 10:1 a.m.17 views

CVE-2026-6901

CVE-2026-6901 affects B&R Industrial Automation GmbH APROL (pre-R 4.4-01P5). The vulnerability is described as an Untrusted Search Path issue. According to the provided metrics, the impact is high for confidentiality and integrity (CVSS v3.1: HIGH/C:H/I:H; LOCAL access, no user interaction) with ...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:15 p.m.17 views

CVE-2026-54672

CVE-2026-54672 : The issue affects electron-updater with AppImage targets built by app-builder-lib prior to 26.15.0. At runtime, an empty path component in LD_LIBRARY_PATH can cause the current working directory to be added to the dynamic linker search path, potentially enabling an attacker to pl...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:15 p.m.28 views

CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 12:0 a.m.12 views

CVE-2026-57919

CVE-2026-57919 affects Matrix42 Empirum (pre-25.5 and pre-26.2). The issue: PBackupVSS.exe creates a named pipe (\.\pipe\PBackupVSS) with a permissive DACL granting GENERIC_READ/WRITE to all authenticated users, enabling a low-privileged, local attacker to connect and send crafted IPC messages to...

7.8CVSS6.1AI score0.00125EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 8:16 p.m.10 views

CVE-2026-46710

Notepad++ is affected by a local privilege escalation vulnerability in the installer (CVE-2026-46710) detected in versions 8.9.4–8.9.6. During installation, the installer launches powershell.exe without an absolute path after setting the working directory to the installation contextMenu directory...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:16 p.m.38 views

CVE-2026-46710 Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the...

7.5CVSS0.00108EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:16 p.m.5 views

CVE-2025-13162

Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1...

4.4CVSS0.00083EPSS
Exploits0References1
Rows per page
Query Builder