Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36333

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-15 May, 2026 | 02:58
Updated At-16 May, 2026 | 03:56
Rejected At-
Credits

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:15 May, 2026 | 02:58
Updated At:16 May, 2026 | 03:56
Rejected At:
▼CVE Numbering Authority (CNA)

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 5000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W5000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 6000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 7000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Cleanup Utility
Default Status
affected
Versions
Unaffected
  • https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W6000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W7000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX Vega Series Graphics Cards
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ VII
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO WX 8000/9000 Series Graphics Cards
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 26.Q1 (23.19.24)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO VII
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 26.Q1 (23.19.24)
Problem Types
TypeCWE IDDescription
N/AN/ASecurity Vulnerability
Type: N/A
CWE ID: N/A
Description: Security Vulnerability
Metrics
VersionBase scoreBase severityVector
4.07.0HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Reported through AMD Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-427CWE-427 Uncontrolled Search Path Element
Type: CWE
CWE ID: CWE-427
Description: CWE-427 Uncontrolled Search Path Element
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:15 May, 2026 | 05:16
Updated At:15 May, 2026 | 14:10

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.0HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-427Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-427
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.htmlpsirt@amd.com
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Source: psirt@amd.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

19Records found
CVE-2025-62628
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 3.19%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 14:29
Updated-15 May, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AIM-T Manageability ServiceAMD Management Console (AMC)AMD Manageability APIDASH CLI - Command Line ApplicationAMD Management Plug-In for SCCMAMD Cloud Manageability Service (ACMS)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-61969
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 14:47
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD µProf
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-36334
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 1.23%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 02:58
Updated-16 May, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Radeon™ RX 7000 Series Graphics Products
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-12891
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.46%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_softwareradeon_pro_softwareRadeon SoftwareRadeon Pro Software for Enterprise
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-54519
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 5.07%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 17:46
Updated-13 Feb, 2026 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-Vivado™ Documentation Navigator Installation (Windows)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-52541
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 14:43
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-Vivado™ Installation (Windows)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-48503
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 14:26
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix")AMD Radeon™ PRO W6000 Series Graphics ProductsAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Barcelo R")AMD Radeon™ PRO W5000 Series Graphics ProductsAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R")AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Renoir")AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Picasso")AMD Ryzen™ AI 300 Series Processors (formerly codenamed "Strix Point")AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Lucienne")AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Cezanne")AMD Radeon™ RX 6000 Series Graphics ProductsAMD Ryzen™ 9000 Series Desktop Processors (formerly codenamed "Granite Ridge")AMD Ryzen™ 4000 Series Desktop Processors (formerly codenamed "Renoir")AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Hawk Point")AMD Radeon™ RX 5000 Series Graphics ProductsAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics (formerly codenamed "Cezanne")AMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed "Phoenix")AMD Radeon™ RX 9000 Series Graphics ProductsAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dragon Range")AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (formerly codenamed "Mendocino")AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dali")AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Barcelo")AMD Radeon™ RX 7000 Series Graphics ProductsPlaceholderAMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed "Raphael"/"Raphael X3D")AMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed "Raphael"/"Raphael-X3D")AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Dali")AMD Radeon™ PRO W7000 Series Graphics Products
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31358
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 17:14
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-aim-t_manageability_apiAIM-T Manageability API
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31361
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.04% / 14.08%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 20:07
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AIM-T (AMD Integrated Management Technology) software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-31348
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.17% / 37.92%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-12 Dec, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Tooluprof_tool
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2629
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:45
Updated-18 Aug, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2630
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7||HIGH
EPSS-0.06% / 18.26%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 18:50
Updated-18 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL Hijacking Vulnerability in NI LabVIEW

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

Action-Not Available
Vendor-niNI
Product-labviewLabVIEW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-34488
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7||HIGH
EPSS-0.01% / 2.61%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 06:17
Updated-24 Apr, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

Action-Not Available
Vendor-i-PRO Co., Ltd.
Product-IP Setting Software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-10213
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:38
Updated-29 Jan, 2026 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\<user>\AppData\Local\Microsoft\WindowsApps\' directory, which could lead to arbitrary code execution and persistence.

Action-Not Available
Vendor-updfUPDF
Product-updfUPDF
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-10214
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:39
Updated-29 Jan, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.

Action-Not Available
Vendor-updfUPDF
Product-updfUPDF
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-10215
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.01% / 2.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:39
Updated-20 Jan, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64\' directory, which could lead to arbitrary code execution and persistence.

Action-Not Available
Vendor-updfUPDF
Product-updfUPDF
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-47942
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.09% / 25.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-13 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024solid_edge_se2024
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-40979
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7||HIGH
EPSS-0.02% / 6.35%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 11:35
Updated-11 Sep, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL search order hijack in Wave by Grandstream Networks

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users<user>\AppData\Local\Temp' directory, which could lead to arbitrary code execution and persistence. This vulnerability is only replicable in versions of Windows 11 and does not affect earlier versions.

Action-Not Available
Vendor-Grandstream Networks
Product-Wave
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-35471
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-7||HIGH
EPSS-0.05% / 16.19%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 01:13
Updated-23 Sep, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.

Action-Not Available
Vendor-conda-forgeconda-forgeMicrosoft Corporation
Product-openssl-feedstockminiforgewindowsminiforgeopenssl-feedstock
CWE ID-CWE-427
Uncontrolled Search Path Element
Details not found