CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426
CVE-2023-21764 HIGH
Microsoft Exchange Server - Privilege Escalation
CVSS 7.8
CVE-2023-21763 HIGH
Microsoft Exchange Server - Privilege Escalation
CVSS 7.8
CVE-2022-4987 HIGH
Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution
CVSS 7.3
CVE-2022-43456 MEDIUM
Intel(R) RST <16.8.5.1014.5-19.5.2.1049.5 - Privilege Escalation
CVSS 6.7
CVE-2022-35868 MEDIUM
TIA Multiuser Server/V15.1-Project-Server V17 - Privilege Escalation
CVSS 6.7
CVE-2022-4883 HIGH
libXpm < 3.5.15 - Untrusted Search Path via PATH Environment Variable Manipulation
CVSS 8.8
CVE-2022-41953 HIGH
Git < 2.39.1 - Untrusted Search Path via Git GUI Clone Post-Processing
CVSS 8.6
CVE-2022-38060 HIGH
OpenStack Kolla - Privilege Escalation
CVSS 8.8
CVE-2022-23748 HIGH KEV
mDNSResponder.exe - DLL Sideloading
CVSS 7.8
CVE-2022-31253 HIGH
openSUSE Factory openldap2 <2.6.3-404.1 - Privilege Escalation
CVSS 7.1
CVE-2022-3734 MEDIUM
Redis - Untrusted Search Path
CVSS 6.3
CVE-2022-0074 HIGH
OpenLiteSpeed 1.6.15-1.7.16 - Privilege Escalation via Untrusted Search Path
CVSS 8.8
CVE-2022-39245 HIGH
makedeb/mist < 0.9.5 - Authentication Bypass via PATH Variable Sudo Binary
CVSS 8.4
CVE-2022-36403 HIGH
Device Software Manager <2.20.3.0 - Privilege Escalation
CVSS 7.8
CVE-2022-36070 HIGH
Poetry < 1.1.9 - Arbitrary Code Execution via Untrusted Git Command Path Resolution
CVSS 7.3
CVE-2022-22047 HIGH KEV
Windows Client Server Run-time Subsystem - Privilege Escalation
CVSS 7.8
CVE-2022-31012 HIGH
Git for Windows <2.37.1 - Code Injection
CVSS 8.2
CVE-2022-28964 HIGH
Avast Premium Security <v21.11.2500 - DoS
CVSS 7.1
CVE-2022-29583 HIGH
kardianos/service - Untrusted Search Path in Windows Service Execution
CVSS 7.8
CVE-2022-24826 CRITICAL
Git LFS 2.12.1-3.1.2 - Untrusted Search Path via Malicious Repository File Execution
CVSS 9.8
CVE-2022-26184 CRITICAL
Poetry < 1.1.9 - Untrusted Search Path on Windows
CVSS 9.8
CVE-2022-26183 HIGH
pnpm < 6.15.1 - Untrusted Search Path on Windows
CVSS 8.8
CVE-2022-26488 HIGH
Python <3.10.3 (Windows) - Privilege Escalation
CVSS 7.0
CVE-2022-25366 HIGH
Cryptomator < 1.6.5 - DYLIB Injection via DYLD_INSERT_LIBRARIES Environment Variable
CVSS 7.8
CVE-2022-0014 MEDIUM
Cortex XDR Agent 5.0-5.0.11, 6.1-6.1.8, 7.2-7.2.3, 7.3-7.3.1 - Untrusted Search Path via Live Terminal Session
CVSS 6.7