Total: 1107 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34422 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process. | |||||
| CVE-2023-53959 | | | 2025-12-23 | N/A | 9.8 CRITICAL |
| FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches. | |||||
| CVE-2025-34416 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process. | |||||
| CVE-2025-34417 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process. | |||||
| CVE-2025-34418 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIMF.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process. | |||||
| CVE-2025-34419 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISM.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process. | |||||
| CVE-2025-34420 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAM.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process. | |||||
| CVE-2025-34421 | 1 Mailenable | 1 Mailenable | 2025-12-23 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process. | |||||
| CVE-2025-10939 | | | 2025-12-19 | N/A | 3.7 LOW |
| A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to /realms, which is expected to be exposed. | |||||
| CVE-2021-22280 | 1 Br-automation | 1 Automation Studio | 2025-12-19 | N/A | 7.2 HIGH |
| Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. | |||||
| CVE-2025-7427 | 1 Arm | 1 Arm Development Studio | 2025-12-18 | N/A | 5.9 MEDIUM |
| Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio. | |||||
| CVE-2025-34424 | 1 Mailenable | 1 Mailenable | 2025-12-17 | N/A | 7.8 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIDP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process. | |||||
| CVE-2023-4936 | 1 Synaptics | 1 Displaylink | 2025-12-17 | N/A | 5.5 MEDIUM |
| It is possible to sideload a compromised DLL during the installation at elevated privilege. | |||||
| CVE-2025-12046 | | | 2025-12-12 | N/A | 7.8 HIGH |
| A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions. | |||||
| CVE-2025-13152 | | | 2025-12-12 | N/A | 7.8 HIGH |
| A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | |||||
| CVE-2025-34396 | 1 Mailenable | 1 Mailenable | 2025-12-10 | N/A | 7.3 HIGH |
| MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directory without sufficient integrity validation or secure search order. If the DLL is missing or attacker-writable locations in the search path are used, a local attacker with write permissions to the directory can plant a malicious MEAINFY.DLL. When the executable is launched, it loads the attacker-controlled library and executes code with the privileges of the process, enabling local privilege escalation when run with elevated rights. | |||||
| CVE-2025-5469 | | | 2025-12-09 | N/A | N/A |
| Uncontrolled Search Path Element vulnerability in Yandex Messenger on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.245. | |||||
| CVE-2025-5470 | | | 2025-12-09 | N/A | N/A |
| Uncontrolled Search Path Element vulnerability in Yandex Disk on macOS allows Search Order Hijacking. This issue affects Disk: before 3.2.45.3275. | |||||
| CVE-2022-27595 | 1 Qnap | 1 Qvpn | 2025-12-08 | N/A | 7.8 HIGH |
| An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later, QVPN Windows 2.0.0.1310 and later. | |||||
| CVE-2025-32919 | 1 Checkmk | 1 Checkmk | 2025-12-04 | N/A | 7.8 HIGH |
| Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL). | |||||
