Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,168 vulnerabilities with CWE-427

CVE-2025-29802 HIGH

Visual Studio 2022 17.8.0-17.8.19 - Authenticated Privilege Escalation via Uncontrolled Search Path Element

CVE-2025-22458 HIGH

Ivanti Endpoint Manager < 2024 SU1 and < 2022 SU7 - Authenticated DLL Hijacking

CVE-2025-3051 MEDIUM

Linux::Statm::Tiny < 0.0701 - Untrusted Code Execution via Current Working Directory

CVE-2025-30673 MEDIUM

Sub::HandlesVia < 0.050002 - Untrusted Code Loading via Current Working Directory

CVE-2025-30672 MEDIUM

Mite for Perl <0.013000 - Code Injection

CVE-2025-26631 HIGH

Visual Studio Code < 1.98.0 - Authenticated Privilege Escalation via Uncontrolled Search Path Element

CVE-2025-25003 HIGH

Visual Studio - Privilege Escalation

CVE-2025-24998 HIGH

Visual Studio - Privilege Escalation

CVE-2025-1804 HIGH

Blizzard Battle.Net <2.39.0.15212 - Path Traversal

CVE-2025-1223 MEDIUM

Citrix Secure Access Client for Mac - Privilege Escalation

CVE-2025-26624 MEDIUM

Rufus <4.6.2208 - Privilege Escalation

CVE-2025-24039 HIGH

Visual Studio Code < 1.97.1 - Elevation of Privilege via Uncontrolled Search Path Element

CVE-2025-21206 HIGH

Visual Studio 2017, 2019, 2022 - Elevation of Privilege via Uncontrolled Search Path

CVE-2025-21127 HIGH

Adobe Photoshop 25.0-25.12, 26.0-26.1 - Uncontrolled Search Path Element via Environment Variable Manipulation

CVE-2025-0069 HIGH

SAPSetup - Uncontrolled Search Path Element

CVE-2024-36333 HIGH

AMD Cleanup Utility - DLL Hijacking

CVE-2024-47091 HIGH

Privilege escalation via mk_mysql agent plugin on Windows

CVE-2024-13976 HIGH

Commvault for Windows <11.20.0-11.36.0 - Code Injection

CVE-2024-24916 MEDIUM

Check Point SmartConsole - Uncontrolled Search Path Element

CVE-2024-42191 MEDIUM

HCL Traveler for Microsoft Outlook < 3.0.12 - COM Hijacking via Uncontrolled Search Path Element

CVE-2024-42190 MEDIUM

HCL Traveler for Microsoft Outlook < 3.0.12 - DLL Hijacking

CVE-2024-13946 MEDIUM

ASPECT-Enterprise <3.* - Binary Planting

CVE-2024-47800 MEDIUM

Intel(R) Graphics Driver - Privilege Escalation

CVE-2024-47795 MEDIUM

Intel(R) oneAPI DPC++/C++ Compiler <2025.0.0 - Privilege Escalation

CVE-2024-46895 MEDIUM

Intel Arc & Iris Xe Graphics <32.0.101.6083 - Privilege Escalation

Previous Page 12 of 47 Next

Details

Vulnerabilities 1,168

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy