Export limit exceeded: 357825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1171 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14498 | 1 Tradingview | 1 Desktop | 2026-04-15 | N/A |
| TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the Electron framework. The product loads a script file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27395. | ||||
| CVE-2024-33581 | 1 Lenovo | 1 Pcmanager | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-46895 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-39708 | 2026-04-15 | 7 High | ||
| An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. | ||||
| CVE-2025-23358 | 2 Microsoft, Nvidia | 2 Windows, App | 2026-04-15 | 8.2 High |
| NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges. | ||||
| CVE-2025-24923 | 1 Intel | 1 Ai For Erg Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-32452 | 1 Intel | 1 Ai Playground | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2024-33580 | 1 Lenovo | 1 Personal Cloud | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33579 | 1 Lenovo | 1 Baiying | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2025-44021 | 1 Openstack | 1 Ironic | 2026-04-15 | 2.8 Low |
| OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1. | ||||
| CVE-2024-45246 | 1 Dieboldnixdorf | 1 Vynamic View | 2026-04-15 | 7.3 High |
| Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | ||||
| CVE-2024-2658 | 1 Flexera | 1 Flexnet Publisher | 2026-04-15 | N/A |
| A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. | ||||
| CVE-2025-3051 | 2026-04-15 | 6.5 Medium | ||
| Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672 | ||||
| CVE-2025-1804 | 1 Blizzard | 1 Battle.net | 2026-04-15 | 7 High |
| A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level. | ||||
| CVE-2024-21830 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-21099 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-4272 | 2026-04-15 | 7 High | ||
| A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7676 | 1 Microsoft | 1 Windows 11 | 2026-04-15 | N/A |
| DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs. | ||||
| CVE-2025-27717 | 1 Intel | 1 Graphics Driver | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access | ||||
| CVE-2024-47795 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||