Total
985 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-3433 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-10-28 | 7.8 High |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. | ||||
| CVE-2020-3153 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-10-28 | 6.5 Medium |
| A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | ||||
| CVE-2025-10939 | 1 Redhat | 1 Build Keycloak | 2025-10-28 | 3.7 Low |
| A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to /realms which is expected to be exposed. | ||||
| CVE-2025-9164 | 2 Docker, Microsoft | 2 Desktop, Windows | 2025-10-28 | N/A |
| Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0. | ||||
| CVE-2025-49144 | 2 Notepad++, Notepad Plus Plus | 2 Notepad++, Notepad++ | 2025-10-23 | 7.3 High |
| Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2. | ||||
| CVE-2025-23355 | 2 Microsoft, Nvidia | 2 Windows, Nsight Graphics | 2025-10-22 | 6.7 Medium |
| NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service. | ||||
| CVE-2025-23309 | 1 Nvidia | 1 Display Driver | 2025-10-22 | 8.2 High |
| NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering. | ||||
| CVE-2025-32463 | 6 Canonical, Debian, Opensuse and 3 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2025-10-21 | 9.3 Critical |
| Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | ||||
| CVE-2025-11940 | 2 Librewolf, Microsoft | 2 Librewolf, Windows | 2025-10-21 | 7 High |
| A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component. | ||||
| CVE-2025-59889 | 1 Eaton | 1 Ipp Software | 2025-10-21 | 8.6 High |
| Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. | ||||
| CVE-2025-26861 | 1 Rsupport | 1 Remotecall | 2025-10-21 | N/A |
| RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution. | ||||
| CVE-2025-26860 | 1 Rsupport | 1 Remotecall | 2025-10-21 | N/A |
| RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution. | ||||
| CVE-2025-26859 | 1 Rsupport | 1 Remoteview | 2025-10-21 | N/A |
| RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution. | ||||
| CVE-2025-10581 | 1 Lenovo | 1 Pcmanager | 2025-10-21 | 7.8 High |
| A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | ||||
| CVE-2025-57716 | 2 Fortinet, Microsoft | 3 Forticlient, Forticlientwindows, Windows | 2025-10-20 | 6 Medium |
| An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder. | ||||
| CVE-2025-32919 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-10-14 | N/A |
| Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL). | ||||
| CVE-2025-30033 | 2025-10-14 | 7.8 High | ||
| The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. | ||||
| CVE-2025-62185 | 1 Ankitects | 1 Anki | 2025-10-10 | 6.7 Medium |
| In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe. | ||||
| CVE-2025-49487 | 2 Microsoft, Trendmicro | 3 Windows, Wfbs Saas, Worry-free Business Security Services | 2025-10-09 | 6.8 Medium |
| An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a previous WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | ||||
| CVE-2025-1131 | 2 Asterisk, Sangoma | 3 Asterisk, Asterisk, Certified Asterisk | 2025-10-08 | 7.8 High |
| A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart. | ||||