Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,171 vulnerabilities with CWE-427

CVE-2023-24016 MEDIUM

Intel(R) Quartus(R) Prime - Privilege Escalation

CVE-2023-23577 MEDIUM

ITE Tech Consumer Infrared Driver < 5.5.2.1 - Authenticated Privilege Escalation via Uncontrolled Search Path

CVE-2023-22841 MEDIUM

Intel Server Firmware Update Utility < 16.0.7 - Authenticated Privilege Escalation via Unquoted Search Path

CVE-2023-36344 HIGH

Diebold Nixdorf Vynamic View Console <5.3.1 - Code Injection

CVE-2023-37490 HIGH

SAP BusinessObjects Business Intelligence 420, 430 - Authenticated Uncontrolled Search Path Element

CVE-2023-3662 HIGH

CODESYS Development System 3.5.17.0-3.5.19.19 - Uncontrolled Search Path Element

CVE-2023-36853 HIGH

Keysight Geolocation Server <v2.4.2 - Code Injection

CVE-2023-37849 MEDIUM

Panda Security VPN < 15.14.8 - DLL Hijacking via Crafted DLL in Executable Directory

CVE-2023-31543 CRITICAL

pipreqs 0.3.0-0.4.11 - Dependency Confusion via PyPI Package Upload

CVE-2023-28929 HIGH

Trend Micro Security <2023 - DLL Hijacking

CVE-2023-2005 MEDIUM

Tenable Nessus, SecurityCenter, Tenable.io - Uncontrolled Search Path Element

CVE-2023-27908 HIGH

Autodesk Installer 1.29.0.90-1.39.0.216 - Privilege Escalation via DLL Parsing

CVE-2023-0142 MEDIUM

Synology DSM <7.1 - Privilege Escalation

CVE-2023-0976 MEDIUM

Trellix Agent < 5.7.9 - Uncontrolled Search Path Element via TA Deployment Feature

CVE-2023-3091 HIGH

Captura <8.0.0 - Uncontrolled Search Path

CVE-2023-28080 MEDIUM

Dell PowerPath 7.0-7.2 - DLL Hijacking and Privilege Escalation

CVE-2023-25005 HIGH

Autodesk InfraWorks 2021.0-2021.2 and 2023 - Resource Injection via Malicious DLL File

CVE-2023-25428 HIGH

Soft-o Free Password Manager 1.1.20 - DLL Hijacking

CVE-2023-31197 MEDIUM

Intel(R) Trace Analyzer and Collector <2020-3 - Privilege Escalation

CVE-2023-27386 MEDIUM

Intel Pathfinder for RISC-V - Uncontrolled Search Path Privilege Escalation via Local Access

CVE-2023-27298 HIGH

Intel(R) WULT <1.0.0 - Privilege Escalation

CVE-2023-22355 MEDIUM

Intel oneAPI Toolkit <4.3.0.251 - Privilege Escalation

CVE-2023-30237 HIGH

CyberGhost < 8.3.10.10015 - DLL Injection via Dashboard.exe

CVE-2023-2355 HIGH

Acronis Snap Deploy <3900 - Privilege Escalation

CVE-2023-29012 HIGH

Git for Windows <2.40.1 - Code Injection

Previous Page 24 of 47 Next

Details

Vulnerabilities 1,171

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy