Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,171 vulnerabilities with CWE-427

CVE-2024-53977 MEDIUM

ModelSim Questa < V2025.1 - Code Injection

CVE-2024-48091 HIGH

Tally Prime Edit Log <2.1 - Code Injection

CVE-2024-57426 HIGH

NetMod VPN Client <5.3.1 - Code Injection

CVE-2024-2658 HIGH

FlexNet Publisher <2024 R1 - Privilege Escalation

CVE-2024-9499 HIGH

USBXpress Win 98SE Dev Kit - Privilege Escalation

CVE-2024-9498 HIGH

USBXpress SDK - Privilege Escalation

CVE-2024-9497 HIGH

USBXpress 4 SDK - Privilege Escalation

CVE-2024-9496 HIGH

USBXpress Dev Kit - Privilege Escalation

CVE-2024-9495 HIGH

CP210x VCP Windows - Privilege Escalation

CVE-2024-9494 HIGH

CP210 VCP Win 2k - Privilege Escalation

CVE-2024-9493 HIGH

ToolStick - Privilege Escalation/Arbitrary Code Execution

CVE-2024-9492 HIGH

Flash Programming Utility - Privilege Escalation/Arbitrary Code Exe...

CVE-2024-9491 HIGH

Configuration Wizard 2 - Privilege Escalation

CVE-2024-9490 HIGH

Silicon Labs 8-bit IDE - Privilege Escalation

CVE-2024-41739 HIGH

IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data - Unauthorized Actions via Dependency Confusion

CVE-2024-53588 HIGH

iTop VPN 16.0 - Uncontrolled Search Path Element via ProgramData Downloader Directory

CVE-2024-55543 HIGH

Acronis Cyber Protect 16 (Windows) < build 39169 - Local Privilege Escalation via DLL Hijacking

CVE-2024-55540 HIGH

Acronis Cyber Protect 16 < 39169 - Local Privilege Escalation via DLL Hijacking

CVE-2024-55955 MEDIUM

Trend Micro Deep Security Agent 20.0.1-9400-20.0.1-23340 - Privilege Escalation via Incorrect Permissions Assignment

CVE-2024-47576 LOW

SAP Product Lifecycle Costing Client <4.7.1 - Command Injection

CVE-2024-9852 HIGH

Mitsubishi Electric - Local Privilege Escalation

CVE-2024-8299 HIGH

Mitsubishi Electric - Local Privilege Escalation

CVE-2024-7253 HIGH

NoMachine 7.0-7.15.6 - Local Privilege Escalation via Uncontrolled Search Path in nxnode.exe

CVE-2024-7244 HIGH

Panda Security Dome - Uncontrolled Search Path Element in VPN Process

CVE-2024-30376 HIGH

Famatech Advanced IP Scanner - Local Privilege Escalation via Unsecured Qt Plugin Loading

Previous Page 14 of 47 Next

Details

Vulnerabilities 1,171

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy