CVE-2025-2501
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVE-2025-40909
Perl threads have a working directory race condition where file operations may target unintended paths.
If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone t…
CVE-2025-5180
A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manip…
CVE-2025-5129
A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local…
CVE-2025-4971
Broadcom Automic
Automation Agent Unix versions <
24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution
rights on the agent executable to escalate their privileges.
CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including inter…
CVE-2025-4769
A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached…
CVE-2025-4540
A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack ne…
CVE-2025-4539
A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. I…
CVE-2025-4532
A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to u…
CVE-2025-4525
A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack…
CVE-2025-4455
A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/…
CVE-2025-4272
A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\c…
CVE-2024-58250
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
CVE-2025-27743
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally.
CVE-2025-31480
aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being s…
CVE-2025-30407
Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713.
CVE-2025-1398
Mattermost Desktop App versions
CVE-2025-29903
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
CVE-2025-27167
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If…