Search Results (1182 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55671 2026-04-15 N/A
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.
CVE-2024-9498 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2025-7472 2026-04-15 7.5 High
A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.
CVE-2025-20106 1 Intel 1 Vtune Profiler Software And Intel Oneapi Base Toolkits 2026-04-15 6.7 Medium
Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2024-34165 1 Intel 1 Oneapi Dpc\+\+\/c\+\+ Compiler 2026-04-15 6.7 Medium
Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-27237 2 Microsoft, Zabbix 5 Windows, Zabbix, Zabbix-agent and 2 more 2026-04-15 N/A
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
CVE-2025-5470 2 Apple, Yandex 2 Macos, Disk 2026-04-15 N/A
Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS allows Search Order Hijacking.This issue affects Disk: before 3.2.45.3275.
CVE-2025-54519 1 Amd 1 Vivado™ Documentation Navigator Installation (windows) 2026-04-15 7.3 High
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-48503 1 Amd 24 Athlon 3000 Series Mobile Processors With Radeon Graphics, Placeholder, Radeon Pro W5000 Series and 21 more 2026-04-15 7.8 High
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2025-22838 1 Intel 1 Realsense Software 2026-04-15 6.7 Medium
Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-11223 1 Panasonic 1 Autodownloader 2026-04-15 7.8 High
Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory.
CVE-2024-9852 2 Iconics, Mitsubishielectric 3 Genesis64, Genesis64, Mc Works64 2026-04-15 7.8 High
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
CVE-2025-24842 1 Intel 1 System Support Utility 2026-04-15 6.7 Medium
Uncontrolled search path for the Intel(R) System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2024-21774 2026-04-15 6.7 Medium
Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-9497 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-47006 2026-04-15 6.7 Medium
Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-47576 2026-04-15 3.3 Low
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.
CVE-2024-21857 1 Intel 1 Oneapi Compiler Software 2026-04-15 6.7 Medium
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23312 1 Intel Binary Configuration Tool Software For Windows 1 Intel Binary Configuration Tool Software For Windows 2026-04-15 6.7 Medium
Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-21099 2026-04-15 6.7 Medium
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.