Total
963 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50583 | 1 Naver | 1 Whale Browser Installer | 2025-07-13 | 6.3 Medium |
| Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings. | ||||
| CVE-2024-24852 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2025-07-12 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-2658 | 1 Flexera | 1 Flexnet Publisher | 2025-07-12 | N/A |
| A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. | ||||
| CVE-2024-13946 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-12 | 6.8 Medium |
| DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-53977 | 1 Siemens | 2 Modelsim, Questa | 2025-07-12 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory. | ||||
| CVE-2025-32780 | 1 Bleachbit | 1 Bleachbit | 2025-07-12 | 7.3 High |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. | ||||
| CVE-2025-30399 | 4 Apple, Linux, Microsoft and 1 more | 8 Macos, Linux Kernel, .net and 5 more | 2025-07-11 | 7.5 High |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-29802 | 1 Microsoft | 1 Visual Studio 2022 | 2025-07-10 | 7.3 High |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29803 | 1 Microsoft | 5 Sql Server Management Studio, Visual Studio Tools For Applications 2019, Visual Studio Tools For Applications 2019 Sdk and 2 more | 2025-07-10 | 7.3 High |
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-4981 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 9.9 Critical |
| Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default. | ||||
| CVE-2025-4539 | 1 Todesk | 1 Todesk | 2025-07-08 | 7 High |
| A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | 5.7 Medium |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||||
| CVE-2024-55898 | 1 Ibm | 1 I | 2025-07-03 | 8.5 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2024-48992 | 1 Needrestart Project | 1 Needrestart | 2025-07-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. | ||||
| CVE-2024-48990 | 1 Needrestart Project | 1 Needrestart | 2025-07-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. | ||||
| CVE-2025-26631 | 1 Microsoft | 1 Visual Studio Code | 2025-07-03 | 7.3 High |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | 7.3 High |
| Visual Studio Code Elevation of Privilege Vulnerability | ||||
| CVE-2025-4525 | 2 Discord, Microsoft | 2 Discord, Windows | 2025-07-01 | 7 High |
| A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-24998 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25003 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-07-01 | 7.3 High |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||