Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,171 vulnerabilities with CWE-427

CVE-2023-29011 HIGH

Git for Windows < 2.40.1 - Uncontrolled Search Path Element via connect.exe Config File

CVE-2023-28140 MEDIUM

Qualys Cloud Agent < 4.5.3.1 - Uncontrolled Search Path Element via DLL Hijacking

CVE-2023-29187 MEDIUM

SapSetup <9.0 - Privilege Escalation

CVE-2023-1745 MEDIUM

KMPlayer 4.2.2.73 - Uncontrolled Search Path Element in SHFOLDER.dll

CVE-2023-0213 HIGH

M-Files Installer <22.6 - Privilege Escalation

CVE-2023-28596 HIGH

Zoom Client for IT Admin <5.13.5 - Privilege Escalation

CVE-2023-28759 HIGH

Veritas NetBackup <10.0 - Privilege Escalation

CVE-2023-24578 MEDIUM

McAfee Total Protection <16.0.49 - Privilege Escalation

CVE-2023-25147 MEDIUM

Trend Micro Apex One - Uncontrolled Search Path Element via DLL Hijacking During Update

CVE-2023-25143 CRITICAL

Trend Micro Apex One < 14.0.11960 - Remote Code Execution via Uncontrolled Search Path Element

CVE-2023-23554 HIGH

pg_ivm < 1.5.1 - Uncontrolled Search Path Element via Schema Name Omission

CVE-2023-26266 HIGH

AFL++ 4.05c - Uncontrolled Search Path Element in CmpLog

CVE-2023-0400 MEDIUM

DLP for Windows <11.10.0 - Privilege Escalation

CVE-2023-22358 HIGH

BIG-IP Edge Client <7.2.3.1 - DLL Hijacking

CVE-2023-22283 MEDIUM

BIG-IP Edge Client <7.2.3.1 - DLL Hijacking

CVE-2023-0247 HIGH

bits-and-blooms/bloom <3.3.1 - Buffer Overflow

CVE-2023-22947 HIGH

Shibboleth Service Provider < 3.4.1 - Unprivileged Local Privilege Escalation via DLL Planting

CVE-2022-50808 HIGH

CoolerMaster MasterPlus <1.8.5 - Code Injection

CVE-2022-28339 HIGH

Trend Micro HouseCall <5.3.1302 - Code Injection

CVE-2022-27595 HIGH

QVPN < 2.0.0.1316 - Uncontrolled Search Path Element

CVE-2022-4956 HIGH

Caphyon Advanced Installer 19.7 - Uncontrolled Search Path in WinSxS DLL Handler

CVE-2022-4894 HIGH

HP and Samsung Printers - Privilege Escalation

CVE-2022-43456 MEDIUM

Intel(R) RST <16.8.5.1014.5-19.5.2.1049.5 - Privilege Escalation

CVE-2022-25864 MEDIUM

Intel oneAPI Math Kernel Library < 2022.0 - Authenticated Privilege Escalation via Uncontrolled Search Path

CVE-2022-47636 HIGH

OutSystems Service Studio 11 11.53.30 - Uncontrolled Search Path Element via .oml File Handling

Previous Page 25 of 47 Next

Details

Vulnerabilities 1,171

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy