Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-426

CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426

CVE-2020-12892 HIGH

AMD Radeon settings Installer - Privilege Escalation/Code Execution

CVE-2020-35686 HIGH

Sound Research DCHU Model Software Component Modules < 2.0.9.17 - Privilege Escalation via DLL Hijacking

CVE-2020-29482 MEDIUM

Xen < 4.14.0 - Denial of Service via Xenstore Path Length Limit Bypass

CVE-2020-4739 HIGH

IBM DB2 9.7-11.5 - Authenticated DLL Search Order Hijacking

CVE-2020-27695 HIGH

Trend Micro Security 2020 < 16.0 - DLL Hijacking via Installer Package

CVE-2020-6014 MEDIUM

Check Point Endpoint Security Client <E83.20 - Code Injection

CVE-2020-5144 HIGH

SonicWall Global VPN Client < 4.10.4.0314 - Privilege Escalation via Process Hijacking

CVE-2020-6023 HIGH

Check Point ZoneAlarm <15.8.139.18543 - Privilege Escalation

CVE-2020-5977 HIGH

NVIDIA GeForce Experience <3.20.5.70 - RCE

CVE-2020-8338 HIGH

Lenovo Diagnostics <4.35.4 - Code Injection

CVE-2020-6654 HIGH

Eaton 9000x Programming and Configuration Software < 2.0.38 - DLL Hijacking via vci11un6.DLL and cinpl.DLL

CVE-2020-10733 HIGH

PostgreSQL 9.5-12 - Untrusted Search Path via Windows Installer Executable Path

CVE-2020-0570 HIGH

Qt < 5.14.0, 5.12.7, 5.9.10 - Untrusted Search Path

CVE-2020-7315 MEDIUM

McAfee Agent < 5.6.6 - DLL Injection via Untrusted Search Path

CVE-2020-4545 HIGH

IBM Aspera Connect < 3.9.9 - Remote Code Execution via DLL Hijacking in Import Feature

CVE-2020-14350 HIGH

PostgreSQL < 9.5.23 - Untrusted Search Path in Extension Installation Scripts

CVE-2020-10610 HIGH

OSIsoft PI System - Privilege Escalation

CVE-2020-8317 HIGH

Lenovo Drivers Management <2.7.1128.1046 - Privilege Escalation

CVE-2020-15009 HIGH

ASUS ScreenPad2 Upgrade Tool - Service Path Unsigned Code Execution

CVE-2020-15801 CRITICAL

Python 3.8.4 - Untrusted Search Path via sys.path Restriction Bypass

CVE-2020-9673 HIGH

Adobe ColdFusion 2016 <= update 15 and 2018 <= update 9 - DLL Search-Order Hijacking

CVE-2020-9672 HIGH

Adobe ColdFusion 2016 <= update 15 and 2018 <= update 9 - DLL Search-Order Hijacking

CVE-2020-15602 HIGH

Trend Micro Security 2020 < 16.0.1146 - Untrusted Search Path Remote Code Execution via DLL Loading

CVE-2020-1458 HIGH

Microsoft 365 Apps - Remote Code Execution via Untrusted Search Path

CVE-2020-11081 MEDIUM

osquery <4.4.0 - Privilege Escalation

Previous Page 12 of 26 Next

Details

Vulnerabilities 639

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy