CWE-426
High likelihood
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
626 vulnerabilities with CWE-426
CVE-2025-0567
MEDIUM
Epic Games Launcher <17.2.1 - Path Traversal
CVSS 4.5
CVE-2025-21399
HIGH
Microsoft Edge Update < 1.3.195.43 - Untrusted Search Path
CVSS 7.4
CVE-2025-21365
HIGH
Microsoft 365 Apps - Untrusted Search Path
CVSS 7.8
CVE-2025-0459
MEDIUM
libretro RetroArch <1.19.1 - Path Traversal
CVSS 5.3
CVE-2024-21923
HIGH
AMD StoreMI - Privilege Escalation
CVSS 7.3
CVE-2024-21922
HIGH
AMD StoreMI - Privilege Escalation
CVSS 7.3
CVE-2024-14012
HIGH
Revenera InstallShield <2023 R1 - Privilege Escalation
CVE-2024-12168
HIGH
Yandex Telemost - Untrusted Search Path
CVSS 7.8
CVE-2024-58250
CRITICAL
ppp <2.5.2 - Privilege Escalation
CVSS 9.3
CVE-2024-3220
LOW
CPython - Memory Corruption
CVE-2024-13524
MEDIUM
OBS Studio <30.0.2 - Untrusted Search Path
CVSS 4.5
CVE-2024-55503
LOW
Termius < 9.9.0 - Untrusted Search Path
CVSS 3.3
CVE-2024-53407
LOW
Phiewer - Untrusted Search Path
CVSS 3.3
CVE-2024-48123
HIGH
HI-SCAN 6040i Hitrax HX-03-19-I - RCE
CVSS 8.4
CVE-2024-13158
HIGH
Ivanti EPM - Remote Code Execution
CVSS 7.2
CVE-2024-53866
CRITICAL
pnpm <9.15.0 - Code Injection
CVSS 9.8
CVE-2024-11454
HIGH
Autodesk Revit - Code Injection
CVSS 7.8
CVE-2024-45207
HIGH
Veeam Agent for Windows - Code Injection
CVSS 7.0
CVE-2024-50986
HIGH
Clementine - Untrusted Search Path
CVSS 7.3
CVE-2024-49515
HIGH
Substance3D - Painter <10.1.0 - Code Injection
CVSS 7.8
CVE-2024-36507
HIGH
Fortinet FortiClientWindows <7.4.0 - RCE
CVSS 7.3
CVE-2024-49043
HIGH
Microsoft SQL Server 2016 < 13.0.6455.2 - Untrusted Search Path
CVSS 7.8
CVE-2024-47906
HIGH
Ivanti Connect Secure <22.7R2.3 - Privilege Escalation
CVSS 7.8
CVE-2024-7995
HIGH
VRED Design - Privilege Escalation
CVSS 7.8
CVE-2024-47422
HIGH
Adobe Framemaker <2020.6, 2022.4 - RCE
CVSS 7.8
Details
Vulnerabilities: 626
Exploit Likelihood: High