Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,168 vulnerabilities with CWE-427

CVE-2025-53395 HIGH

Paramount Macrium Reflect <2025-06-26 - Code Injection

CVE-2025-53394 HIGH

Paramount Macrium Reflect <2025-06-26 - RCE

CVE-2025-25011 HIGH

Elastic Beats 8.0.0-9.0.2 - Local Privilege Escalation via Insecure Directory Permissions

CVE-2025-0712 HIGH

Elastic APM Server 8.16-8.16.1 and 8.17 - Local Privilege Escalation via Insecure Directory Permissions

CVE-2025-7676 MEDIUM

Windows 11 on ARM PE32 Executables - DLL Hijacking Code Execution

CVE-2025-7427 MEDIUM

Arm Development Studio <2025 - Local Code Execution

CVE-2025-1729 MEDIUM

TrackPoint Quick Menu - Privilege Escalation

CVE-2025-1700 HIGH

Motorola Software Fix - Privilege Escalation

CVE-2025-7472 HIGH

Intercept X for Windows <1.22 - Privilege Escalation

CVE-2025-34109 HIGH

Panda Security Products <16.1.2 - Code Injection

CVE-2025-48496 MEDIUM

Emerson ValveLink SOLO < 14.0 - Uncontrolled Search Path Element

CVE-2025-36004 HIGH

IBM i 7.2-7.5 - Privilege Escalation via Unqualified Library Call in Facsimile Support

CVE-2025-49144 HIGH

Notepad++ <8.8.1 - Privilege Escalation

CVE-2025-4981 CRITICAL

Mattermost <=10.5.5, <=9.11.15, <=10.8.0, <=10.7.2, <=10.6.5 - Authenticated Arbitrary File Write via Path Traversal

CVE-2025-5981 MEDIUM

osv-scalibr 0.1.3-0.1.7 and 0.1.3-0.2.0 - Arbitrary File Write via Path Traversal in unpack() Function

CVE-2025-49487 MEDIUM

Trend Micro Worry-Free Business Security Services 6.7.0.0-6.7.3954 - Uncontrolled Search Path Element

CVE-2025-49158 MEDIUM

Trend Micro Apex One < 14.0.14492 and 14.0.0.12994-14.0.0.14002 - Privilege Escalation via Uncontrolled Search Path

CVE-2025-49155 HIGH

Trend Micro Apex One < 14.0.14492 and 14.0.0.12994-14.0.0.14002 - Uncontrolled Search Path Element

CVE-2025-33122 HIGH

IBM i 7.2-7.6 - Privilege Escalation via Unqualified Library Call in Advanced Job Scheduler

CVE-2025-49148 HIGH

ClipShare Server for Windows < 3.8.5 - Local DLL Search Path Code Execution

CVE-2025-5480 HIGH

Action1 Agent < 5.218.620.1 - Local Privilege Escalation via OpenSSL Configuration File

CVE-2025-30167 HIGH

Jupyter Core <5.8.0 - Info Disclosure

CVE-2025-5180 HIGH

Wondershare Filmora 14.5.16 - Uncontrolled Search Path in Installer

CVE-2025-5129 HIGH

Sangfor aTrust 2.3.10.60 - Uncontrolled Search Path Element in MSASN1.dll

CVE-2025-2272 HIGH

Forcepoint FIE Endpoint <25.05 - Privilege Escalation

Previous Page 10 of 47 Next

Details

Vulnerabilities 1,168

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy