Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-426

CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426

CVE-2024-53407 LOW

Phiewer 4.1.0 - Untrusted Search Path Leading to Command Execution via Dylib Injection

CVE-2024-48123 HIGH

HI-SCAN 6040i Hitrax HX-03-19-I - RCE

CVE-2024-13158 HIGH

Ivanti Endpoint Manager < 2024 - Authenticated Remote Code Execution via Unbounded Resource Search Path

CVE-2024-53866 CRITICAL

pnpm < 9.15.0 - Untrusted Search Path via Global Cache Override Leak

CVE-2024-11454 HIGH

Autodesk Revit 2025-2025.4 - Untrusted Search Path DLL Loading

CVE-2024-45207 HIGH

Veeam Agent for Windows - Code Injection

CVE-2024-50986 HIGH

Clementine 1.3.1 - Untrusted Search Path

CVE-2024-49515 HIGH

Substance3D - Painter <10.1.0 - Code Injection

CVE-2024-36507 HIGH

Fortinet FortiClientWindows <7.4.0 - RCE

CVE-2024-49043 HIGH

Microsoft SQL Server 2016-2022 Remote Code Execution via Untrusted Search Path

CVE-2024-47906 HIGH

Ivanti Connect Secure <22.7R2.3 - Privilege Escalation

CVE-2024-7995 HIGH

Autodesk VRED 2025-2025.2 - Privilege Escalation via Untrusted Search Path

CVE-2024-47422 HIGH

Adobe Framemaker <2020.6, 2022.4 - RCE

CVE-2024-43616 HIGH

Microsoft 365 Apps and Office - Remote Code Execution via Untrusted Search Path

CVE-2024-43576 HIGH

Microsoft 365 Apps - Remote Code Execution via Untrusted Search Path

CVE-2024-8733 HIGH

HP One Agent - Privilege Escalation

CVE-2024-9325 HIGH

Intelbras InControl <2.21.56 - Unquoted Search Path

CVE-2024-6769 MEDIUM

Microsoft Windows <2022 - Privilege Escalation

CVE-2024-44103 HIGH

Ivanti Workspace Control < 10.18.99.0 - Authenticated DLL Hijacking

CVE-2024-45281 MEDIUM

SAP BusinessObjects - Privilege Escalation

CVE-2024-6473 HIGH

Yandex Browser <24.7.1.380 - DLL Hijacking

CVE-2024-5623 HIGH

B&R APROL <= R 4.4-00P3 - Privilege Escalation

CVE-2024-5622 HIGH

B&R APROL <4.2.07P3, <4.4-00P3 - Privilege Escalation

CVE-2024-38305 HIGH

Dell SupportAssist <4.0.3 - Privilege Escalation

CVE-2024-7886 HIGH

Scooter Software Beyond Compare <3.3.5.15075 - Path Traversal

Previous Page 6 of 26 Next

Details

Vulnerabilities 639

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy