Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31073 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-57781 | 1 Denso Ten | 1 Drive Recorder Viewer | 2026-04-15 | N/A |
| The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | ||||
| CVE-2025-21099 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39929 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-61871 | 2 Buffalo, Microsoft | 2 Navigator2, Windows | 2026-04-15 | N/A |
| NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||||
| CVE-2024-21830 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-37061 | 1 Weird Solutions | 1 Bootpturbo | 2026-04-15 | 7.8 High |
| BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions. | ||||
| CVE-2021-47896 | 1 Pdfcomplete | 1 Pdf Complete Corporate Edition | 2026-04-15 | 7.8 High |
| PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges. | ||||
| CVE-2023-40536 | 2026-04-15 | 4.3 Medium | ||
| Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-47576 | 2026-04-15 | 3.3 Low | ||
| SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application. | ||||
| CVE-2025-9201 | 1 Lenovo | 2 Browser, Browser Hd | 2026-04-15 | 7.8 High |
| A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2025-13919 | 2 Broadcom, Symantec | 2 Symantec Endpoint Protection, Endpoint Protection | 2026-04-15 | 4.4 Medium |
| Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. | ||||
| CVE-2022-28693 | 1 Redhat | 4 Enterprise Linux, Rhel Eus, Rhel Extras Rt and 1 more | 2026-04-15 | 4.7 Medium |
| Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2025-57624 | 2026-04-15 | 7.8 High | ||
| A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs. | ||||
| CVE-2024-58250 | 2026-04-15 | 9.3 Critical | ||
| The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. | ||||
| CVE-2025-0884 | 2026-04-15 | N/A | ||
| Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72. | ||||
| CVE-2020-36935 | 1 Kmspico | 1 Service Kmseldi | 2026-04-15 | 7.8 High |
| KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges. | ||||
| CVE-2024-31804 | 1 Terratec | 1 Dmx 6fire 24\/96 Controlpanel | 2026-04-15 | 6.7 Medium |
| An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. | ||||
| CVE-2024-3640 | 2026-04-15 | N/A | ||
| An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a System user. A threat actor needs admin privileges to exploit this vulnerability. | ||||
| CVE-2024-42405 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||