Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-426

CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

643 vulnerabilities with CWE-426

CVE-2017-2177 HIGH

Shogyo Touki Denshi Ninsho <1.7 - Privilege Escalation

CVE-2017-2176 HIGH

JASDF Screensavers - Untrusted Search Path

CVE-2017-2175 HIGH

Empirical Project Monitor - Privilege Escalation

CVE-2017-2167 HIGH

PrimeDrive Desktop App <1.4.4 - RCE

CVE-2017-2157 HIGH

The Public Certification Service - Privilege Escalation

CVE-2017-5236 HIGH

Rapid7 AppSpider Pro <6.14.060 - DLL Preloading

CVE-2017-2156 HIGH

Vivaldi <1.7.735.48 - Code Injection

CVE-2017-2149 HIGH

Software Update Tool <1.00.03 - Path Traversal

CVE-2017-2130 HIGH

PhishWall Client Internet Explorer <3.7.13 - Privilege Escalation

CVE-2017-2108 HIGH

PrimeDrive Desktop App <1.4.3 - Privilege Escalation

CVE-2017-2107 HIGH

7-ZIP32.DLL <9.22.00.01 - Privilege Escalation

CVE-2017-3007 HIGH

Adobe Creative Cloud - Untrusted Search Path

CVE-2017-6189 HIGH

Amazon Kindle for PC < 1.17.44183 - Untrusted Search Path DLL Hijacking

CVE-2017-2983 HIGH

Adobe Shockwave <= 12.2.7.197 - DLL Hijacking

CVE-2017-6798 HIGH

Trend Micro Endpoint Sensor <1.6 - RCE

CVE-2017-5235 HIGH

Rapid7 Metasploit Pro <4.13.0-2017022101 - DLL Preloading

CVE-2017-5234 HIGH

Rapid7 Insight Collector <1.0.16 - Code Injection

CVE-2017-5233 HIGH

Rapid7 AppSpider Pro <6.14.053 - Code Injection

CVE-2017-5232 HIGH

Rapid7 Nexpose <6.4.24 - DLL Preloading

CVE-2016-6593 HIGH

Symantec VIP Access Desktop <2.2.2 - RCE

CVE-2016-10837 HIGH

cPanel 11.48.0.5-11.48.5.2 - Remote Code Execution via Unsafe @INC Path

CVE-2016-6803 HIGH

Apache OpenOffice < 4.1.3 - Untrusted Search Path

CVE-2016-8746 MEDIUM

Apache Ranger <0.6.3 - Info Disclosure

CVE-2016-7838 HIGH

WinSparkle < 0.5.3 - Untrusted Search Path

CVE-2016-4902 HIGH

The Public Certification Service for Individuals < 2.6 and < 3.0.1 - Untrusted Search Path

Previous Page 24 of 26 Next

Details

Vulnerabilities 643

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy