Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-426

CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426

CVE-2018-18367 HIGH

Symantec Endpoint Protection Manager <= 12.1 RU6 MP9 and < 14.2 RU1 - DLL Preloading

CVE-2018-18369 HIGH

Norton Security < 22.16.3 and Symantec Endpoint Protection Cloud < 22.16.3 - DLL Preloading

CVE-2018-10959 HIGH

Avecto Defendpoint 4.0-4.4.267.0 - Untrusted Search Path via Environment Variable Manipulation

CVE-2018-18913 HIGH

Opera < 57.0.3098.106 - DLL Search Order Hijacking via Malicious ZIP Archive

CVE-2018-16190 HIGH

LHMelting < 1.65.3.6 and UNARJ32.DLL < 1.10.1.25 - Untrusted Search Path

CVE-2018-16189 HIGH

unlha32.dll < 3.00 - Untrusted Search Path

CVE-2018-18364 HIGH

Symantec Ghost Solution Suite < 3.3 RU1 - DLL Hijacking via Untrusted Search Path

CVE-2018-18333 HIGH

Trend Micro Antivirus+ Security < 15.0.0.1163 - DLL Hijacking

CVE-2018-15983 HIGH

Flash Player < 31.0.0.153 - Privilege Escalation via DLL Hijacking

CVE-2018-16182 HIGH

MARKET SPEED < 16.4 - Untrusted Search Path via Trojan Horse DLL

CVE-2018-16176 HIGH

JAEA Mapping Tool 2.0.1.6 and 2.0.1.7 - Untrusted Search Path

CVE-2018-0667 HIGH

INplc SDK Express and Pro+ < 3.08 - Untrusted Search Path

CVE-2018-1888 MEDIUM

IBM i Access < 7.1 - Untrusted Search Path via LoadLibrary DLL Hijacking

CVE-2018-18629 HIGH

Keybase < 2.8.0-20181023124437 - Untrusted Search Path Privilege Escalation via keybase-redirector

CVE-2018-7365 MEDIUM

ZTE uSmartView < 5.01.05 - Untrusted Search Path

CVE-2018-12245 HIGH

Symantec Endpoint Protection <14.2 MP1 - DLL Preloading

CVE-2018-19486 CRITICAL

Git < 2.19.2 - Untrusted Search Path via run_command() API

CVE-2018-18519 HIGH

Best Free Keylogger < 5.2.9 - Privilege Escalation via Insecure File Permissions

CVE-2018-0692 HIGH

Baidu Spark Browser < 43.23.1000.500 - Untrusted Search Path Vulnerability

CVE-2018-1802 HIGH

IBM DB2 9.7, 10.1, 10.5, 11.1 - Untrusted Search Path

CVE-2018-15974 HIGH

Adobe Framemaker < 14.0.361 - Untrusted Search Path

CVE-2018-17980 HIGH

NoMachine < 5.3.27 and 6.x < 6.3.6 - Untrusted Search Path via Trojan Horse wintab32.dll

CVE-2018-12449 HIGH

The Whale browser installer <0.4.3.0 - Code Injection

CVE-2018-6700 HIGH

McAfee True Key < 5.1.165 - DLL Search Order Hijacking

CVE-2018-0649 HIGH

ESET Internet Security - Untrusted Search Path

Previous Page 16 of 26 Next

Details

Vulnerabilities 639

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy