Total
624 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24070 | 3 Apple, Native-instruments, Native Instruments | 3 Macos, Native Access, Native Access | 2026-02-11 | 8.8 High |
| During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: "anchor trusted and certificate leaf[subject.CN] = \"Developer ID Application: Native Instruments GmbH (83K5EG6Z9V)\"" The Native Access application was found to be signed with the `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` entitlements leading to DYLIB injection and therefore command execution in the context of this application. A low privileged user can exploit the DYLIB injection to trigger functions of the privileged helper XPC service resulting in privilege escalation by first deleting the /etc/sudoers file and then copying a malicious version of that file to /etc/sudoers. | ||||
| CVE-2025-15321 | 1 Tanium | 1 Tanos | 2026-02-10 | 2.7 Low |
| Tanium addressed an improper input validation vulnerability in Tanium Appliance. | ||||
| CVE-2025-13491 | 1 Ibm | 2 App Connect Enterprisecertified Containers Operands, App Connect Operator | 2026-02-05 | 5.1 Medium |
| IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path. | ||||
| CVE-2026-23512 | 2 Microsoft, Sumatrapdfreader | 2 Windows, Sumatrapdf | 2026-02-03 | 8.6 High |
| SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows execution of a malicious notepad.exe placed in the application's installation directory, leading to arbitrary code execution. | ||||
| CVE-2026-23888 | 1 Pnpm | 1 Pnpm | 2026-01-28 | 6.5 Medium |
| pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outside `targetDir`. The issue impacts all pnpm users who install packages with binary assets, users who configure custom Node.js binary locations and CI/CD pipelines that auto-install binary dependencies. It can lead to overwriting config files, scripts, or other sensitive files leading to RCE. Version 10.28.1 contains a patch. | ||||
| CVE-2025-12793 | 1 Asus | 2 Asussoftwaremanageragent, Myasus | 2026-01-28 | 7.8 High |
| An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-29903 | 1 Jetbrains | 1 Runtime | 2026-01-13 | 5.2 Medium |
| In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible | ||||
| CVE-2024-53866 | 1 Pnpm | 1 Pnpm | 2025-12-31 | 9.8 Critical |
| The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data (including on first lockfile generation). This can make workspace A (even running with `ignore-scripts=true`) posion global cache and execute scripts in workspace B. Users generally expect `ignore-scripts` to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken. Global state integrity is lost via operations that one would expect to be secure, enabling subsequently running arbitrary code execution on installs. Version 9.15.0 fixes the issue. As a work-around, use separate cache and store dirs in each workspace. | ||||
| CVE-2025-26155 | 2 Microsoft, Ncp-e | 5 Windows, Ncp Secure Entry Client, Secure Client and 2 more | 2025-12-30 | 9.8 Critical |
| NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | ||||
| CVE-2025-12819 | 1 Pgbouncer | 1 Pgbouncer | 2025-12-27 | 7.5 High |
| Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. | ||||
| CVE-2024-30100 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2025-12-17 | 7.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2024-35260 | 1 Microsoft | 1 Power Platform | 2025-12-17 | 8 High |
| An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. | ||||
| CVE-2023-41840 | 1 Fortinet | 1 Forticlient | 2025-12-16 | 7.4 High |
| A untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. | ||||
| CVE-2024-12168 | 1 Yandex | 1 Yandex Telemost | 2025-12-03 | 7.8 High |
| Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used. | ||||
| CVE-2024-27303 | 2 Electron, Microsoft | 2 Electron-builder, Windows | 2025-12-03 | 7.3 High |
| electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | ||||
| CVE-2025-49642 | 1 Zabbix | 1 Zabbix-agent | 2025-12-01 | N/A |
| Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory. | ||||
| CVE-2024-21923 | 1 Amd | 1 Storemi | 2025-11-25 | 7.3 High |
| Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2024-21922 | 1 Amd | 1 Storemi | 2025-11-25 | 7.3 High |
| A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2017-7755 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2025-11-25 | N/A |
| The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | ||||
| CVE-2025-13433 | 2 Microsoft, Muse | 2 Windows, Musehub | 2025-11-24 | 7 High |
| A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in unquoted search path. The attack is only possible with local access. A high complexity level is associated with this attack. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||