Total
878 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29580 | 1 Google | 1 Google Search | 2025-04-18 | 8.9 High |
| There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | ||||
| CVE-2024-12530 | 2025-04-17 | N/A | ||
| Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application. | ||||
| CVE-2021-44463 | 1 Emerson | 1 Deltav | 2025-04-17 | 8.1 High |
| Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | ||||
| CVE-2021-38410 | 1 Aveva | 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more | 2025-04-17 | 7.3 High |
| AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. | ||||
| CVE-2022-42945 | 1 Autodesk | 1 Dwg Trueview | 2025-04-17 | 7.8 High |
| DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. | ||||
| CVE-2020-25182 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2025-04-16 | 6.7 Medium |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. | ||||
| CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 7.8 High |
| Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | ||||
| CVE-2022-2334 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2025-04-16 | 7.2 High |
| The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22. | ||||
| CVE-2022-2006 | 1 Automationdirect | 24 C-more Ea9-pgmsw, C-more Ea9-pgmsw Firmware, C-more Ea9-rhmi and 21 more | 2025-04-16 | 7.8 High |
| AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; | ||||
| CVE-2022-2333 | 1 Honeywell | 1 Softmaster | 2025-04-16 | 8.8 High |
| If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions. | ||||
| CVE-2022-46330 | 1 Squirrel.windows Project | 1 Squirrel.windows | 2025-04-16 | 7.8 High |
| Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | ||||
| CVE-2022-22736 | 1 Mozilla | 1 Firefox | 2025-04-16 | 7 High |
| If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. | ||||
| CVE-2021-36631 | 1 Baidu | 1 Baidunetdisk | 2025-04-16 | 6.7 Medium |
| Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2024-11859 | 2025-04-16 | N/A | ||
| DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. | ||||
| CVE-2025-29802 | 2025-04-16 | 7.3 High | ||
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29803 | 2025-04-16 | 7.3 High | ||
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29817 | 2025-04-16 | 5.7 Medium | ||
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-32780 | 2025-04-15 | 7.3 High | ||
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. | ||||
| CVE-2022-36314 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-15 | 5.5 Medium |
| When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1. | ||||
| CVE-2017-20018 | 1 Apachefriends | 1 Xampp | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. | ||||