Total
581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27167 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | N/A | 7.8 HIGH |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. | |||||
| CVE-2025-1398 | 2025-03-31 | N/A | 3.3 LOW | ||
| Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection. | |||||
| CVE-2025-30407 | 2025-03-27 | N/A | 6.3 MEDIUM | ||
| Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713. | |||||
| CVE-2023-22368 | 2 Elecom, Microsoft | 3 Camera Assistant, Quickfiledealer, Windows | 2025-03-19 | N/A | 7.8 HIGH |
| Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2023-23920 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2025-03-17 | N/A | 4.2 MEDIUM |
| An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | |||||
| CVE-2024-3220 | 2025-03-14 | N/A | N/A | ||
| There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations. | |||||
| CVE-2025-29903 | 2025-03-12 | N/A | 5.2 MEDIUM | ||
| In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible | |||||
| CVE-2025-1804 | 2025-03-07 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | |||||
| CVE-2025-1353 | 2025-02-26 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue. | |||||
| CVE-2025-26624 | 2025-02-18 | N/A | N/A | ||
| Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7. Users are advised to upgrade as soon as version 4.7 becomes available. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-24830 | 2025-02-18 | N/A | 6.3 MEDIUM | ||
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | |||||
| CVE-2025-24829 | 2025-02-18 | N/A | 6.3 MEDIUM | ||
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | |||||
| CVE-2025-24827 | 2025-02-18 | N/A | 6.3 MEDIUM | ||
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | |||||
| CVE-2023-27759 | 1 Wondershare | 1 Edrawmind | 2025-02-14 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. | |||||
| CVE-2023-27766 | 1 Wondershare | 1 Anireel | 2025-02-13 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. | |||||
| CVE-2023-27765 | 1 Wondershare | 1 Recoverit | 2025-02-13 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. | |||||
| CVE-2023-27764 | 1 Wondershare | 1 Repairit | 2025-02-13 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. | |||||
| CVE-2023-27763 | 1 Wondershare | 1 Mobiletrans | 2025-02-13 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. | |||||
| CVE-2023-27762 | 1 Wondershare | 1 Democreator | 2025-02-13 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. | |||||
| CVE-2023-27761 | 1 Wondershare | 1 Uniconverter | 2025-02-13 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. | |||||