CVE-2026-2627 Softland FBackup Backup/Restore HID.dll link following

A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The...

CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

CVE-2025-33231

CVE-2025-33231 relates to NVIDIA Nsight Systems for Windows, where insecure DLL search paths in the application’s DLL loading mechanism allow an uncontrolled search path element. This could enable local attacker code execution, privilege escalation, data tampering, DoS, or information disclosure....

CVE-2025-13670

The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability...

EUVD-2025-18119

Malicious code in bioql PyPI...

EUVD-2024-31385

Malicious code in bioql PyPI...

CVE-2025-10214

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...

CVE-2025-49148

ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileg...

CVE-2024-57394

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities...

CVE-2024-33673

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path...

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...

PT-2024-25431 · Veritas · Veritas Backup Exec

Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 22.2 HotFix 917391 Description: An issue was discovered that allows for DLL Hijacking in the Windows DLL Search path due to improper access controls. Recommendations: For versions prior to 22.2 HotFix...

CVE-2023-28080

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user non-admin can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM...

K02771314: Oracle Java SE vulnerability CVE-2019-2699

Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

SUSE CVE-2018-2942

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVE-2021-1240

A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to...

CVE-2020-13771

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a nonexistent library file, allowing under certain conditions one to gain code execution and elevation of privileges to the level of privilege held by the vulnerable component such as NT...

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution RCE. When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. Note: This issue only affects the...

Security Vulnerabilities fixed in Thunderbird 78 — Mozilla

When %2F was present in a manifest URL, Thunderbird's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...

Security Vulnerabilities fixed in Firefox 78 — Mozilla

When %2F was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...