Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,168 vulnerabilities with CWE-427

CVE-2025-27997 HIGH

Blizzard Battle.net 2.40.0.15267 - Privilege Escalation via C:\ProgramData Directory

CVE-2025-4769 HIGH

CBEWIN Anytxt Searcher 1.3.1128.0 - Uncontrolled Search Path

CVE-2025-43553 HIGH

Substance 3D Modeler < 1.22.0 - Uncontrolled Search Path Element

CVE-2025-21099 MEDIUM

Intel(R) Graphics - Privilege Escalation

CVE-2025-20108 MEDIUM

Intel(R) Network Adapter Driver <29.4 - Privilege Escalation

CVE-2025-20079 MEDIUM

Intel(R) Advisor - Privilege Escalation

CVE-2025-20043 MEDIUM

Intel RealSense SDK <2.56.2 - Privilege Escalation

CVE-2025-20041 MEDIUM

Intel(R) Graphics <32.0.101.6325/32.0.101.6252 - Privilege Escalation

CVE-2025-20015 MEDIUM

Intel(R) Ethernet Connection <29.4 - Privilege Escalation

CVE-2025-32917 HIGH

Checkmk < 2.4.0b7, < 2.3.0p32, < 2.2.0p42, 2.1.0p49 - Privilege Escalation via jar_signature Agent Plugin

CVE-2025-35471 HIGH

conda-forge miniforge < 24.5.0 and openssl-feedstock < 2024-05-20 - Uncontrolled Search Path Element in OPENSSLDIR

CVE-2025-4539 HIGH

ToDesk 4.7.6.3 - Uncontrolled Search Path Element in profapi.dll

CVE-2025-4532 HIGH

Shanghai Bairui Information Technology SunloginClient 15.8.3.19819 ...

CVE-2025-4525 HIGH

Discord 1.0.9188 - Uncontrolled Search Path Element in WINSTA.dll

CVE-2025-4455 HIGH

Patch My PC Home Updater <5.1.3.0 - Uncontrolled Search Path

CVE-2025-4272 HIGH

Mechrevo Control Console 1.0.2.70 - Uncontrolled Search Path

CVE-2025-23177 HIGH

Ribbon Communications Apollo 9608 - Uncontrolled Search Path Element

CVE-2025-2769 HIGH

Bdrive NetDrive - Local Privilege Escalation via OpenSSL Configuration File

CVE-2025-2768 HIGH

Bdrive NetDrive - Local Privilege Escalation via OpenSSL Configuration File

CVE-2025-43950 HIGH

DPMAdirektPro 4.1.5 - Privilege Escalation

CVE-2025-32780 HIGH

BleachBit < 4.9.0 - Unauthenticated DLL Hijacking via uuid.dll in WindowsApps Directory

CVE-2025-29817 MEDIUM

Power Automate for Desktop < 2.51.349.24355 - Authenticated Information Disclosure via Uncontrolled Search Path Element

CVE-2025-29803 HIGH

SQL Server Management Studio < 20.2.1 - Privilege Escalation via Uncontrolled Search Path

CVE-2025-2630 HIGH

NI LabVIEW < 2025 Q1 - Uncontrolled Search Path Element

CVE-2025-2629 HIGH

NI LabVIEW < 2025 Q1 - DLL Hijacking via Uncontrolled Search Path

Previous Page 11 of 47 Next

Details

Vulnerabilities 1,168

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy