A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level perm
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with adminis
Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4,
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the
ToolStick
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through <= 1.1.
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code exec
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).
This issue affects: Comma
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administ
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users t
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perfor
Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.
Windows Hyper-V Remote Code Execution Vulnerability
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe.
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrat
A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.