Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-43751 1 Mcafee 1 Total Protection 2025-04-29 7.8 High
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.
CVE-2022-36924 1 Zoom 1 Rooms 2025-04-28 8.8 High
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
CVE-2022-45422 1 Lg 1 Smart Share 2025-04-28 7.8 High
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.
CVE-2022-45276 1 Eyunjing 1 Yjcms 2025-04-25 9.8 Critical
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.
CVE-2023-49114 1 Hexagon 1 Qognify Vms Client Viewer 2025-04-25 6.7 Medium
A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.
CVE-2022-40746 2 Ibm, Microsoft 2 I Access Client Solutions, Windows 2025-04-24 7.2 High
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
CVE-2023-24591 1 Intel 1 Binary Configuration Tool 2025-04-24 6.7 Medium
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-21011 2 Adobe, Microsoft 2 Captivate, Windows 2025-04-23 7 High
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.
CVE-2023-45596 1 Ailux 2 Imx6, Imx6 Bundle 2025-04-23 5.3 Medium
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2021-21008 2 Adobe, Microsoft 2 Animate, Windows 2025-04-23 7 High
Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-21007 2 Adobe, Microsoft 2 Illustrator, Windows 2025-04-23 7 High
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-21055 3 Adobe, Apple, Microsoft 3 Dreamweaver, Macos, Windows 2025-04-23 6.2 Medium
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
CVE-2021-21078 3 Adobe, Apple, Microsoft 3 Creative Cloud Desktop Application, Macos, Windows 2025-04-23 6.5 Medium
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction
CVE-2021-21070 2 Adobe, Microsoft 2 Robohelp, Windows 2025-04-23 6.5 Medium
Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges.
CVE-2021-28570 2 Adobe, Microsoft 2 After Effects, Windows 2025-04-23 8.3 High
Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
CVE-2021-28595 3 Adobe, Apple, Microsoft 3 Dimension, Macos, Windows 2025-04-23 7.8 High
Adobe Dimension version 3.4 (and earlier) is affected by an Uncontrolled Search Path Element element. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-3859 1 Trellix 1 Agent 2025-04-23 6.7 Medium
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
CVE-2022-21713 4 Fedoraproject, Grafana, Netapp and 1 more 4 Fedora, Grafana, E-series Performance Analyzer and 1 more 2025-04-23 4.3 Medium
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-23202 1 Adobe 1 Creative Cloud Desktop Application 2025-04-23 7 High
Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a malicious DLL file. The attacker has to deliver the DLL on the same folder as the installer which makes it as a high complexity attack vector.
CVE-2022-20001 3 Debian, Fedoraproject, Fishshell 3 Debian Linux, Fedora, Fish 2025-04-23 7.8 High
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.