Vulnerabilities > GOG > Galaxy > 2.0.28.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2021-26807 | Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9 GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | 7.8 |
| 2020-08-21 | CVE-2020-24574 | Use of Hard-coded Credentials vulnerability in GOG Galaxy The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. | 7.8 |