Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-0459 1 Libretro 1 Retroarch 2026-04-15 5.3 Medium
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-9945 2026-04-15 5.3 Medium
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.
CVE-2024-9852 2 Iconics, Mitsubishielectric 3 Genesis64, Genesis64, Mc Works64 2026-04-15 7.8 High
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
CVE-2024-9499 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9498 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9497 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9496 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9495 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9492 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9491 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9490 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9493 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-9494 2026-04-15 8.6 High
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVE-2024-8299 2 Iconics, Mitsubishielectric 2 Genesis64, Mc Works64 2026-04-15 7.8 High
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or to cause a denial of service (DoS) condition on the products.
CVE-2024-7153 1 Netgear 1 Wn604 2026-04-15 5.3 Medium
A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-5963 1 Hitachi 1 Device Manager 2026-04-15 6.7 Medium
Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00.
CVE-2024-47576 2026-04-15 3.3 Low
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application.
CVE-2024-46895 2026-04-15 6.7 Medium
Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-45246 1 Dieboldnixdorf 1 Vynamic View 2026-04-15 7.3 High
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
CVE-2024-39372 2026-04-15 6.7 Medium
Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access.