CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0459 – libretro RetroArch Startup profapi.dll untrusted search path
https://notcve.org/view.php?id=CVE-2025-0459
14 Jan 2025 — A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.291476 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2021-28927
https://notcve.org/view.php?id=CVE-2021-28927
07 Apr 2021 — The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. El motor de text-to-speech en libretro RetroArch para Windows versión 1.9.0 pasa la entrada no saneada a PowerShell mediante el archivo platform_win32.c por me... • http://libretro.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •