CVE-2025-69599 — CVSS 9.8 (critical): RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment…
CVE-2019-25268 — CVSS 9.8 (critical): NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening…
CVE-2023-53959 — CVSS 9.8 (critical): FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted…
CVE-2025-65741 — CVSS 9.8 (critical): Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the…
CVE-2024-23054 — CVSS 9.8 (critical): An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package…
CVE-2023-31543 — CVSS 9.8 (critical): A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the…
CVE-2023-25143 — CVSS 9.8 (critical): An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote…
CVE-2022-34825 — CVSS 9.8 (critical): Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X…
CVE-2022-24955 — CVSS 9.8 (critical): Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files.
CVE-2021-28955 — CVSS 9.8 (critical): git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations…
CVE-2019-20780 — CVSS 9.8 (critical): An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to…
CVE-2020-10515 — CVSS 9.8 (critical): STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006.
CVE-2019-9546 — CVSS 9.8 (critical): SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVE-2019-7653 — CVSS 9.8 (critical): The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working…
CVE-2018-12805 — CVSS 9.8 (critical): Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege…
CVE-2017-3097 — CVSS 9.8 (critical): Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe…
CVE-2017-3092 — CVSS 9.8 (critical): Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe…
CVE-2017-3090 — CVSS 9.8 (critical): Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe…
CVE-2017-6517 — CVSS 9.8 (critical): Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the…
CVE-2025-13051: When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL…
CVE-2021-38469 — CVSS 9.1 (critical): Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the…
CVE-2025-30248: DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary…
CVE-2026-54232 — CVSS 8.8 (high): vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a…
CVE-2026-7870 — CVSS 8.8 (high): IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could…
CVE-2026-30478 — CVSS 8.8 (high): A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a…
CVE-2025-69784 — CVSS 8.8 (high): A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL…
CVE-2026-29610 — CVSS 8.8 (high): OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by…
CVE-2026-24502 — CVSS 8.8 (high): Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged…
CVE-2025-65118 — CVSS 8.8 (high): The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into…
CVE-2025-33208 — CVSS 8.8 (high): NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful…
CVE-2025-9164: Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in…
CVE-2025-9844 — CVSS 8.8 (high): Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects…
CVE-2025-36004 — CVSS 8.8 (high): IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for…
CVE-2025-49155 — CVSS 8.8 (high): An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject…
CVE-2025-32917 — CVSS 8.8 (high): Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user…
CVE-2024-41739 — CVSS 8.8 (high): IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency…
CVE-2024-2208 — CVSS 8.8 (high): Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver…
CVE-2024-44107 — CVSS 8.8 (high): DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker…
CVE-2024-5290 — CVSS 8.8 (high): An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged…
CVE-2024-0670 — CVSS 8.8 (high): Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
CVE-2023-31210 — CVSS 8.8 (high): Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights…
CVE-2023-41117 — CVSS 8.8 (high): An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x…
CVE-2023-28380 — CVSS 8.8 (high): Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially…