Total: 1106 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14599 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. | |||||
| CVE-2025-14605 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. | |||||
| CVE-2025-13670 | 2 Intel, Microsoft | 2 High Level Synthesis Compiler, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability. | |||||
| CVE-2025-13669 | 2 Intel, Microsoft | 2 High Level Synthesis Compiler, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking. This issue affects High Level Synthesis Compiler: from 19.1 through 24.3. | |||||
| CVE-2025-13664 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege. | |||||
| CVE-2025-13665 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| The System Console Utility for Windows is vulnerable to a DLL planting vulnerability. | |||||
| CVE-2025-13668 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2026-01-12 | N/A | 6.7 MEDIUM |
| A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege. | |||||
| CVE-2025-66835 | 1 Trueconf | 1 Trueconf | 2026-01-09 | N/A | 7.1 HIGH |
| TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context. | |||||
| CVE-2024-9852 | | | 2026-01-09 | N/A | 7.8 HIGH |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute malicious code by storing a specially crafted DLL in a specific folder. This could allow the attacker to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | |||||
| CVE-2024-8299 | | | 2026-01-09 | N/A | 7.8 HIGH |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute malicious code by storing a specially crafted DLL in a specific folder. This could allow the attacker to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | |||||
| CVE-2025-64994 | 1 Teamviewer | 1 Digital Employee Experience | 2026-01-09 | N/A | 6.5 MEDIUM |
| A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior to V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM. | |||||
| CVE-2025-64995 | 1 Teamviewer | 1 Digital Employee Experience | 2026-01-09 | N/A | 6.5 MEDIUM |
| A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges. | |||||
| CVE-2019-25268 | | | 2026-01-08 | N/A | 9.8 CRITICAL |
| NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code. | |||||
| CVE-2026-21427 | | | 2026-01-08 | N/A | 7.8 HIGH |
| The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer. | |||||
| CVE-2024-1182 | | | 2026-01-08 | N/A | 7.0 HIGH |
| Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature. | |||||
| CVE-2025-65741 | 1 Sublimetext | 1 Sublime Text 3 | 2026-01-02 | N/A | 9.8 CRITICAL |
| Sublime Text 3 Build 3208 or prior for macOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application. | |||||
| CVE-2025-14498 | | | 2025-12-29 | N/A | 7.8 HIGH |
| TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the Electron framework. The product loads a script file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27395. | |||||
| CVE-2025-49144 | | | 2025-12-24 | N/A | 7.3 HIGH |
| Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically the Downloads folder, which is known as the vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2. | |||||
| CVE-2025-34423 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAU.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process. | |||||
| CVE-2025-34422 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process. | |||||
