CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,281 with exploits | 4,731 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,573 researchers
1,099 results
CVE-2024-53977 6.7 MEDIUM EPSS 0.00
ModelSim Questa < V2025.1 - Code Injection
A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.
CWE-427 Feb 11, 2025
CVE-2024-48091 7.8 HIGH EPSS 0.00
Tally Prime Edit Log <2.1 - Code Injection
Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
CWE-427 Feb 07, 2025
CVE-2024-57426 7.3 HIGH 1 Writeup EPSS 0.00
NetMod VPN Client <5.3.1 - Code Injection
NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.
CWE-427 Feb 06, 2025
CVE-2024-2658 EPSS 0.00
FlexNet Publisher <2024 R1 - Privilege Escalation
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
CWE-427 Jan 30, 2025
CVE-2024-9499 8.6 HIGH EPSS 0.00
USBXpress Win 98SE Dev Kit - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9498 8.6 HIGH EPSS 0.00
USBXpress SDK - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9497 8.6 HIGH EPSS 0.00
USBXpress 4 SDK - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9496 8.6 HIGH EPSS 0.00
USBXpress Dev Kit - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9495 8.6 HIGH EPSS 0.00
CP210x VCP Windows - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9494 8.6 HIGH EPSS 0.00
CP210 VCP Win 2k - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9493 8.6 HIGH EPSS 0.00
ToolStick - Privilege Escalation/Arbitrary Code Execution
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9492 8.6 HIGH EPSS 0.00
Flash Programming Utility - Privilege Escalation/Arbitrary Code Exe...
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9491 8.6 HIGH EPSS 0.00
Configuration Wizard 2 - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-9490 8.6 HIGH EPSS 0.00
Silicon Labs 8-bit IDE - Privilege Escalation
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CWE-427 Jan 24, 2025
CVE-2024-41739 8.8 HIGH EPSS 0.00
IBM Cognos Dashboards ON Cloud Pak For Data - Uncontrolled Search Path
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.
CWE-427 Jan 24, 2025
CVE-2024-53588 7.8 HIGH 1 Writeup EPSS 0.00
iTop VPN <16.0 - RCE
A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.
CWE-427 Jan 23, 2025
CVE-2025-21127 7.8 HIGH EPSS 0.00
Adobe Photoshop < 25.12.1 - Uncontrolled Search Path
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.
CWE-427 Jan 14, 2025
CVE-2025-0069 7.8 HIGH EPSS 0.00
SAPSetup - Privilege Escalation
Due to a DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user's Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server.
CWE-427 Jan 14, 2025
CVE-2024-55543 7.8 HIGH EPSS 0.00
Acronis Cyber Protect < 15 - Uncontrolled Search Path
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CWE-427 Jan 02, 2025
CVE-2024-55540 7.8 HIGH EPSS 0.00
Acronis Cyber Protect < 15 - Uncontrolled Search Path
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CWE-427 Jan 02, 2025