CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426
CVE-2023-34145 HIGH
Trend Micro Apex One - Privilege Escalation
CVSS 7.8
CVE-2023-34144 HIGH
Trend Micro Apex One - Privilege Escalation
CVSS 7.8
CVE-2023-30330 CRITICAL
SoftExpert Excellence Suite 2.0-2.1.2 - Local File Inclusion via defaultframe_filter.php
CVSS 9.8
CVE-2023-29790 HIGH
kodbox 1.2.0-1.3.7 - Sensitive Information Leakage
CVSS 7.5
CVE-2023-28143 MEDIUM
Qualys Cloud Agent 2.5.1-75-3.7 - Local Privilege Escalation via Incorrect File Permissions
CVSS 6.7
CVE-2023-27771 HIGH
Wondershare Creative Center 1.0.8 - Remote Code Execution via wondershareCC_setup_full10819.exe
CVSS 7.8
CVE-2023-27770 HIGH
Wondershare Edraw Max 12.0.4 - Remote Code Execution via Setup Executable
CVSS 7.8
CVE-2023-27769 HIGH
Wondershare PDF Reader 1.0.1 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27768 HIGH
Wondershare PDFelement 9.1.1 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27767 HIGH
Wondershare Dr.Fone 12.4.9 - Remote Code Execution via drfone_setup_full3360.exe
CVSS 7.8
CVE-2023-27766 HIGH
Wondershare Anireel 1.5.4 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27765 HIGH
Wondershare Recoverit 10.6.3 - Remote Code Execution via recoverit_setup_full4134.exe
CVSS 7.8
CVE-2023-27764 HIGH
Wondershare Repairit 3.5.4 - Remote Code Execution via repairit_setup_full5913.exe
CVSS 7.8
CVE-2023-27763 HIGH
Wondershare MobileTrans 4.0.2 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27762 HIGH
Wondershare DemoCreator 6.0.0 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27761 HIGH
Wondershare UniConverter 14.0.0 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27760 HIGH
Wondershare Filmora 12.0.9 - Remote Code Execution via Untrusted Search Path
CVSS 7.8
CVE-2023-27759 HIGH
Wondershare EdrawMind 10.0.6 - Remote Code Execution via WindowsCodescs.dll
CVSS 7.8
CVE-2023-26358 HIGH
Adobe Creative Cloud < 5.10 - Untrusted Search Path
CVSS 8.6
CVE-2023-26038 MEDIUM
ZoneMinder <1.36.33-1.37.33 - Local File Inclusion
CVSS 5.4
CVE-2023-26036 HIGH
ZoneMinder <1.36.33-1.37.33 - Local File Inclusion
CVSS 8.1
CVE-2023-23920 MEDIUM
Node.js <19.6.1-<14.21.3 - Privilege Escalation
CVSS 4.2
CVE-2023-22368 HIGH
ELECOM Camera Assistant <1.00-QuickFileDealer <1.2.1 - Privilege Es...
CVSS 7.8
CVE-2023-23618 HIGH
Git for Windows < 2.39.2 - Untrusted Search Path via gitk Execution
CVSS 8.6
CVE-2023-22743 HIGH
Git for Windows < 2.39.2 - Untrusted Search Path via DLL Side-Loading
CVSS 7.2