Total: 1095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39833 | | | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-46895 | | | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-47795 | | | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-47800 | | | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-49144 | 2 Notepad++, Notepad Plus Plus | 2 Notepad++, Notepad++ | 2026-02-26 | 7.3 High |
| Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically the Downloads folder, which is known as the vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2. | ||||
| CVE-2025-7427 | 1 Arm | 1 Arm Development Studio | 2026-02-26 | 5.9 Medium |
| Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio. | ||||
| CVE-2025-36004 | 1 Ibm | 1 I | 2026-02-26 | 8.8 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-32463 | 6 Canonical, Debian, Opensuse and 3 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2026-02-26 | 9.3 Critical |
| Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | ||||
| CVE-2025-25011 | 1 Elastic | 1 Elastic Beats | 2026-02-26 | 7 High |
| An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges. | ||||
| CVE-2025-20017 | 1 Intel | 1 Oneapi Toolkits | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20048 | 1 Intel | 1 Trace Analyzer And Collector | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20627 | 1 Intel | 1 Oneapi Dpc++/c++ Compiler | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-21093 | 1 Intel | 2 Driver&support Assistant, Driver & Support Assistant | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-24923 | 1 Intel | 1 Ai For Erg Software | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-26404 | 1 Intel | 1 Dsa Software | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-27717 | 1 Intel | 1 Graphics Driver | 2026-02-26 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-49571 | 1 Adobe | 1 Substance 3d Modeler | 2026-02-26 | 7.8 High |
| Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-23355 | 2 Microsoft, Nvidia | 2 Windows, Nsight Graphics | 2026-02-26 | 6.7 Medium |
| NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL hijacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service. | ||||
| CVE-2025-27237 | 2 Microsoft, Zabbix | 5 Windows, Zabbix, Zabbix-agent and 2 more | 2026-02-26 | N/A |
| In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. | ||||
| CVE-2025-1131 | 2 Asterisk, Sangoma | 3 Asterisk, Asterisk, Certified Asterisk | 2026-02-26 | 7.8 High |
| A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart. | ||||