Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,133 vulnerabilities with CWE-427

CVE-2026-25852 MEDIUM

Acronis DeviceLock Dlp < 9.0.93212 - Privilege Escalation

CVE-2026-41373 MEDIUM

OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy

CVE-2026-7279 HIGH

eMPIA Technology｜AVACAST - DLL Hijacking

CVE-2026-42171 HIGH

Nullsoft Scriptable Install System <3.12 - Privilege Escalation

CVE-2026-32172 HIGH

Microsoft Power Apps Remote Code Execution Vulnerability

CVE-2026-34488 HIGH

i-PRO IP Setting Software <V5.20 - DLL Hijacking

CVE-2026-32679 HIGH

Downloader5Installer.exe 1.0.0.0 - DLL Hijacking

CVE-2026-40342 CRITICAL

Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution

CVE-2026-6421 HIGH

Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path

CVE-2026-22619 HIGH

Eaton IPP software <2.0 - Code Injection

CVE-2026-34632 HIGH

Photoshop Installer | CWE-427: Uncontrolled Search Path Element

CVE-2026-4134 HIGH

Lenovo Software Fix <7.5.5.19 - Privilege Escalation

CVE-2026-1636 MEDIUM

Lenovo Service Bridge <5.0.2.20 - Privilege Escalation

CVE-2026-5397 HIGH

Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

CVE-2026-5055 HIGH

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

CVE-2026-4158 HIGH

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

CVE-2026-28704 HIGH

Emocheck - DLL Hijacking

CVE-2026-30478 HIGH

GatewayGeo MapServer for Windows 5 - Privilege Escalation via DLL Injection

CVE-2026-40031 HIGH

MemProcFS < 5.17 DLL/Shared Library Hijacking

CVE-2026-28728 MEDIUM

Acronis True Image < 42902 - Privilege Escalation

CVE-2026-27774 MEDIUM

Acronis True Image < 42902 - Privilege Escalation

CVE-2026-5271 HIGH

Possible to hijack modules in current working directory

CVE-2026-3775 HIGH

Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

CVE-2026-22561 HIGH

Anthropic Claude Desktop - Windows < 1.1.3363 - Privilege Escalation

CVE-2026-34054 HIGH

openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

Page 1 of 46 Next

Details

Vulnerabilities 1,133

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy