Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-426

CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426

CVE-2025-1755 HIGH

MongoDB Compass <1.42.1 - Privilege Escalation

CVE-2025-1068 HIGH

Esri ArcGIS AllSource <1.2.1-1.3.1 - Privilege Escalation

CVE-2025-26624 MEDIUM

Rufus <4.6.2208 - Privilege Escalation

CVE-2025-1353 HIGH

Kong Insomnia <10.3.0 - Path Traversal

CVE-2025-24830 MEDIUM

Acronis Cyber Protect Cloud Agent <39378 - Privilege Escalation

CVE-2025-24829 MEDIUM

Acronis Cyber Protect Cloud Agent <39378 - Privilege Escalation

CVE-2025-24828 MEDIUM

Acronis Cyber Protect Cloud Agent <39378 - Privilege Escalation

CVE-2025-24827 MEDIUM

Acronis Cyber Protect Cloud Agent <39378 - Privilege Escalation

CVE-2025-0145 MEDIUM

Zoom Workplace Apps < - Privilege Escalation

CVE-2025-24789 HIGH

Snowflake JDBC 3.2.3-3.21.0 - Privilege Escalation via EXTERNALBROWSER Authentication on Windows

CVE-2025-0733 MEDIUM

Postman < 11.20 - Untrusted Search Path via profapi.dll

CVE-2025-0732 MEDIUM

Discord < 1.0.9177 - Untrusted Search Path in profapi.dll

CVE-2025-0707 HIGH

Rise Group Rise Mode Temp CPU <2.1 - Path Traversal

CVE-2025-0567 MEDIUM

Epic Games Launcher <17.2.1 - Path Traversal

CVE-2025-21399 HIGH

Microsoft Edge Update < 1.3.195.43 - Elevation of Privilege via Untrusted Search Path

CVE-2025-21365 HIGH

Microsoft 365 Apps and Office Long Term Servicing Channel - Remote Code Execution via Untrusted Search Path

CVE-2025-0459 MEDIUM

libretro RetroArch <1.19.1 - Path Traversal

CVE-2024-21923 HIGH

AMD StoreMI - Privilege Escalation via Untrusted Search Path

CVE-2024-21922 HIGH

AMD StoreMI - DLL Hijacking

CVE-2024-14012 HIGH

Revenera InstallShield <2023 R1 - Privilege Escalation

CVE-2024-12168 HIGH

Yandex Telemost for Desktop < 2.7.0 - DLL Hijacking via Untrusted Search Path

CVE-2024-58250 CRITICAL

ppp < 2.5.2 - Privilege Escalation via Passprompt Plugin

CVE-2024-3220 LOW

CPython < 3.14.0 - Untrusted Search Path in mimetypes Module

CVE-2024-13524 MEDIUM

OBS Studio <30.0.2 - Untrusted Search Path

CVE-2024-55503 LOW

termius < 9.9.0 - Untrusted Search Path via DYLD_INSERT_LIBRARIES

Previous Page 5 of 26 Next

Details

Vulnerabilities 639

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy