CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,281 with exploits | 4,731 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,573 researchers
1,099 results
CVE-2025-32780 7.3 HIGH 1 Writeup EPSS 0.00
BleachBit <4.6.2 - DLL Hijacking
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.
CWE-427 Apr 15, 2025
CVE-2025-29817 5.7 MEDIUM EPSS 0.01
Microsoft Power Automate For Desktop - Uncontrolled Search Path
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.
CWE-427 Apr 15, 2025
CVE-2025-29803 7.3 HIGH EPSS 0.00
Microsoft Sql Server Management Studio - Uncontrolled Search Path
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CWE-427 Apr 12, 2025
CVE-2025-2630 7.3 HIGH EPSS 0.00
NI LabVIEW <2025 Q1 - RCE
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CWE-427 Apr 09, 2025
CVE-2025-2629 7.3 HIGH EPSS 0.00
NI LabVIEW <2025 Q1 - RCE
There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
CWE-427 Apr 09, 2025
CVE-2025-29802 7.3 HIGH EPSS 0.01
Microsoft Visual Studio 2022 < 17.8.20 - Uncontrolled Search Path
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CWE-427 Apr 08, 2025
CVE-2025-22458 7.8 HIGH EPSS 0.00
Ivanti Endpoint Manager < 2022 - Uncontrolled Search Path
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
CWE-427 Apr 08, 2025
CVE-2024-11859 EXPLOITED EPSS 0.00
DLL Search Order - Code Injection
DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
CWE-427 Apr 07, 2025
CVE-2025-3051 6.5 MEDIUM EPSS 0.00
Linux::Statm::Tiny <0.0701 - RCE
Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672.
CWE-427 Apr 01, 2025
CVE-2025-30673 6.5 MEDIUM EPSS 0.01
Perl <0.050002 - RCE
Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672.
CWE-427 Apr 01, 2025
CVE-2025-30672 6.5 MEDIUM EPSS 0.01
Mite for Perl <0.013000 - Code Injection
Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.
CWE-427 Apr 01, 2025
CVE-2025-26631 7.3 HIGH EPSS 0.01
Microsoft Visual Studio Code < 1.98.0 - Uncontrolled Search Path
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CWE-427 Mar 11, 2025
CVE-2025-25003 7.3 HIGH EPSS 0.01
Visual Studio - Privilege Escalation
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CWE-427 Mar 11, 2025
CVE-2025-24998 7.3 HIGH EPSS 0.01
Visual Studio - Privilege Escalation
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CWE-427 Mar 11, 2025
CVE-2020-23438 7.8 HIGH EPSS 0.00
Wondershare Filmora <9.2.11 - Privilege Escalation
Wondershare Filmora 9.2.11 is affected by Trojan DLL hijacking leading to privilege escalation.
CWE-427 Mar 04, 2025
CVE-2024-10930 7.8 HIGH 1 PoC Analysis EPSS 0.01
Carrier Block Load < 4.16 - Uncontrolled Search Path
An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.
CWE-427 Mar 04, 2025
CVE-2025-1804 7.0 HIGH EPSS 0.00
Blizzard Battle.Net <2.39.0.15212 - Path Traversal
A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor assigns this issue a low risk level.
CWE-427 Mar 01, 2025
CVE-2024-55898 8.5 HIGH EPSS 0.00
IBM i - Uncontrolled Search Path
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CWE-427 Feb 24, 2025
CVE-2022-28339 7.3 HIGH EPSS 0.00
Trend Micro HouseCall <5.3.1302 - Code Injection
Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search path element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.
CWE-427 Feb 22, 2025
CVE-2025-1223 6.1 MEDIUM EPSS 0.00
Citrix Secure Access Client for Mac - Privilege Escalation
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac.
CWE-427 Feb 20, 2025