Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-426

CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426

CVE-2025-39666 HIGH

omd: Local privilege escalation when executing omd commands as root

CVE-2025-15569 HIGH

Artifex MuPDF <1.26.1 - Path Traversal

CVE-2025-15321 LOW

Tanium TanOS 1.8.3-1.8.3.0196 - Incorrect Authorization

CVE-2025-13491 MEDIUM

IBM App Connect Enterprise <12.19.0-12.0 - Info Disclosure

CVE-2025-65078 CRITICAL

Lexmark - Code Injection

CVE-2025-12793 HIGH

MyASUS AsusSoftwareManagerAgent - Uncontrolled DLL Loading Code Execution

CVE-2025-67722 HIGH

FreePBX 16.0-16.0.45 - Authenticated Local Privilege Escalation via Deprecated amportal Script

CVE-2025-64785 HIGH

Adobe Acrobat and Reader < 20.005.30838 and < 25.001.20997 - Untrusted Search Path

CVE-2025-12819 HIGH

PgBouncer < 1.25.1 - Unauthenticated SQL Injection via StartupMessage Search Path

CVE-2025-49642 MEDIUM

Zabbix Agent - Local Privilege Escalation

CVE-2025-26155 CRITICAL

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 - Untrusted Search Path

CVE-2025-13433 HIGH

Muse Group MuseHub 2.1.0.1567 - Path Traversal

CVE-2025-60718 HIGH

Windows Administrator Protection - Privilege Escalation

CVE-2025-43079 MEDIUM

Qualys Cloud Agent - Command Injection

CVE-2025-12286 HIGH

VeePN <1.6.2 - Unquoted Search Path

CVE-2025-12247 HIGH

Hasleo Backup Suite <5.2 - Path Traversal

CVE-2025-11940 HIGH

LibreWolf <143.0.4-1 - Path Traversal

CVE-2025-59489 HIGH

Unity Runtime <2025-10-02 - Code Injection

CVE-2025-9267 HIGH

Seagate Toolkit < 2.35.0.6 - Untrusted Search Path DLL Loading

CVE-2025-9016 HIGH

Mechrevo Control Center GX V2 5.56.51.48 - Uncontrolled Search Path in Powershell Script Handler

CVE-2025-9000 HIGH

Mechrevo Control Center GX V2 5.56.51.48 - Untrusted Search Path in reg File Handler

CVE-2025-49457 CRITICAL

Zoom Meeting SDK < 6.3.10 - Unauthenticated Privilege Escalation via Untrusted Search Path

CVE-2025-49456 MEDIUM

Zoom Meeting SDK < 6.4.10 - Unauthenticated Race Condition via Installer

CVE-2025-5039 HIGH

Autodesk Infrastructure Parts Editor < 2026.0.2 - Untrusted Search Path

CVE-2025-23266 CRITICAL

NVIDIA Container Toolkit < 1.17.8 - Untrusted Search Path via Container Initialization Hooks

Previous Page 3 of 26 Next

Details

Vulnerabilities 639

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy