Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2214 1 Jiransoft 2 Appcheck, Appcheck Pro 2025-04-20 N/A
Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
CVE-2017-2143 1 Frogman Office Inc 2 Cs-cart Japanese Edition, Cs-cart Multivendor Japanese Edition 2025-04-20 N/A
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
CVE-2017-2139 1 Frogman Office Inc 1 Cs-cart 2025-04-20 N/A
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.
CVE-2017-15383 1 Nero 1 Nero 2025-04-20 N/A
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.
CVE-2017-11160 1 Synology 1 Assistant 2025-04-20 N/A
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
CVE-2017-2107 1 Akky 1 7-zip32.dll 2025-04-20 N/A
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-5232 1 Rapid7 1 Nexpose 2025-04-20 N/A
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
CVE-2022-29580 1 Google 1 Google Search 2025-04-18 8.9 High
There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41
CVE-2022-25626 1 Broadcom 1 Symantec Identity Governance And Administration 2025-04-18 5.3 Medium
An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.
CVE-2022-1742 1 Dominionvoting 2 Democracy Suite, Imagecast X 2025-04-17 6.8 Medium
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.
CVE-2021-44463 1 Emerson 1 Deltav 2025-04-17 8.1 High
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started.
CVE-2021-38410 1 Aveva 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more 2025-04-17 7.3 High
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.
CVE-2022-42945 1 Autodesk 1 Dwg Trueview 2025-04-17 7.8 High
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.
CVE-2020-14521 1 Mitsubishielectric 60 C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc-link Ie Control Network Data Collector and 57 more 2025-04-16 8.3 High
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.
CVE-2020-25182 3 Rockwellautomation, Schneider-electric, Xylem 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more 2025-04-16 6.7 Medium
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
CVE-2022-1098 1 Deltaww 1 Diaenergie 2025-04-16 7.8 High
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges
CVE-2022-2334 1 Softing 6 Edgeaggregator, Edgeconnector, Opc and 3 more 2025-04-16 7.2 High
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.
CVE-2022-2006 1 Automationdirect 24 C-more Ea9-pgmsw, C-more Ea9-pgmsw Firmware, C-more Ea9-rhmi and 21 more 2025-04-16 7.8 High
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;
CVE-2022-2333 1 Honeywell 1 Softmaster 2025-04-16 8.8 High
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.
CVE-2022-46662 1 Corel 1 Roxio Creator Ljb 2025-04-16 6.7 Medium
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)