CWE-426
All CWE-426 CVEs (127)
OpenTelemetry-Go SDK versions v1.20.0 through v1.39.0 on macOS/Darwin systems are vulnerable to path hijacking attacks. An attacker with local access ...
Feb 2, 2026

This vulnerability allows an unauthorized attacker to execute arbitrary code on a local system by exploiting an untrusted search path in Microsoft Off...
Jan 13, 2026

This CVE describes an unquoted search path vulnerability in Muse Group MuseHub's Windows Service updater component. Attackers with local access could ...
Nov 20, 2025

CVE-2025-12286 is an unquoted search path vulnerability in VeePN's AVService component that allows local attackers to execute arbitrary code by placin...
Oct 27, 2025

This CVE describes an unquoted search path vulnerability in Hasleo Backup Suite services (HasleoImageMountService/HasleoBackupSuiteService) up to vers...
Oct 27, 2025

This vulnerability in LibreWolf's Windows installer allows local attackers to hijack the installation process through DLL search path manipulation. It...
Oct 19, 2025

This vulnerability in Mechrevo Control Center allows local attackers to exploit an uncontrolled search path (DLL hijacking) in the PowerShell Script H...
Aug 15, 2025

This is a critical uncontrolled search path vulnerability (DLL hijacking) in Wondershare Filmora's installer component. Attackers can exploit it by pl...
May 26, 2025

This CVE describes a critical privilege escalation vulnerability in ToDesk 4.7.6.3 where an uncontrolled search path in profapi.dll allows local attac...
May 11, 2025

This critical vulnerability in SunloginClient allows local attackers to exploit an uncontrolled search path (DLL hijacking) in the sunlogin_guard.exe ...
May 11, 2025

This CVE describes a critical uncontrolled search path vulnerability in Patch My PC Home Updater up to version 5.1.3.0, allowing local attackers to ex...
May 9, 2025

This vulnerability in Blizzard Battle.Net client involves an uncontrolled search path (DLL hijacking) in profapi.dll, allowing local attackers to exec...
Mar 1, 2025

This CVE describes a potential untrusted search path vulnerability in Kong Insomnia's profapi.dll library that could allow local attackers to execute ...
Feb 16, 2025

This vulnerability allows DLL injection in Veeam Agent for Windows when the system's PATH variable includes insecure directories. Attackers can place ...
Dec 4, 2024

This CVE describes an untrusted search path vulnerability in Adobe Premiere Pro that could allow arbitrary code execution. Attackers could exploit thi...
Jul 9, 2024

This CVE allows local Windows users to escalate privileges by hijacking the system search path. The Python installer on Windows can incorrectly add us...
Mar 10, 2022

This CVE describes an untrusted search path vulnerability in Zoom Workplace Desktop App and Zoom Meeting SDK for macOS. It allows a privileged user wi...
Aug 14, 2024

CVE-2025-43079 is a path injection vulnerability in Qualys Cloud Agent's uninstall script that allows local privilege escalation. When the script runs...
Nov 10, 2025

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect Cloud Agent for Windows. Attackers can exploit DLL hijacking to...
Jan 31, 2025

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect Cloud Agent for Windows. Attackers can exploit DLL hijacking to...
Jan 31, 2025

A race condition vulnerability in Zoom Client for Windows installers could allow an unauthenticated local attacker to compromise application integrity...
Aug 12, 2025

IBM App Connect Enterprise Certified Container versions up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) contain an untrusted sear...
Feb 5, 2026

This CVE describes a local privilege escalation vulnerability in Zoom Workplace Apps for Windows installers. An authorized user with local access can ...
Jan 30, 2025

This vulnerability in Postman for Windows allows local attackers to execute arbitrary code via DLL hijacking in the profapi.dll library. It affects Po...
Jan 27, 2025

This vulnerability in Epic Games Launcher involves an untrusted search path issue in the profapi.dll library during installation. Attackers could pote...
Jan 19, 2025

An improper input validation vulnerability in Tanium Appliance could allow attackers to cause unexpected behavior or denial of service. This affects o...
Feb 5, 2026

An untrusted search path vulnerability in Lexmark's Embedded Solutions Framework allows attackers to execute arbitrary code by manipulating the search...
Feb 3, 2026

About CWE-426
Our database tracks 127 CVEs classified as CWE-426, with 10 rated critical and 106 rated high severity. The average CVSS score for CWE-426 vulnerabilities is 7.6.
External reference: View CWE-426 on MITRE CWE →