Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,133 vulnerabilities with CWE-427

CVE-2026-2538 HIGH

Notepad2 4.2.22-4.2.25 - Path Traversal

CVE-2026-2516 HIGH

Unidocs ezPDF DRM Reader/ezPDF Reader 2.0/3.0.0.4 - Path Traversal

CVE-2026-25676 HIGH

M-Track Duo HD <1.0.0 - Code Injection

CVE-2026-2361 HIGH

PostgreSQL - Privilege Escalation

CVE-2026-2360 HIGH

PostgreSQL Anonymizer - Privilege Escalation

CVE-2026-25656 HIGH

Siemens Sinec Nms < 2.15.2.1 - Uncontrolled Search Path

CVE-2026-25655 HIGH

Siemens Sinec Nms < 4.0 - Uncontrolled Search Path

CVE-2026-23741 NONE

Asterisk <20.7-cert9, 20.18.2, 21.12.1, 22.8.2, 23.2.2 - Privilege ...

CVE-2026-23740 NONE

Sangoma Certified Asterisk < 20.18.2 - Uncontrolled Search Path

CVE-2026-24694 HIGH

Roland Cloud Manager <3.1.19 - Code Injection

CVE-2026-25129 MEDIUM

Psysh < 0.12.19 - Uncontrolled Search Path

CVE-2026-21408 HIGH

beat-access <3.0.3 - Code Injection

CVE-2026-0776 HIGH

Discord Client - Privilege Escalation

CVE-2026-23755 HIGH

D-Link D-View 8 <2.0.1.107 - Code Injection

CVE-2026-24016 HIGH

ServerView Agents - Code Injection

CVE-2026-21427 HIGH

Pioneer Corporation - DLL Hijacking

CVE-2025-10549 MEDIUM

DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation

CVE-2025-14821 HIGH

Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

CVE-2025-69784 HIGH

OpenEDR 2.5.1.0 - Privilege Escalation

CVE-2025-11792 HIGH

Acronis Cyber Protect Cloud Agent <41124 - Privilege Escalation

CVE-2025-15558 HIGH

Docker CLI <=29.1.5 - Privilege Escalation

CVE-2025-54519 HIGH

Doc Nav - Privilege Escalation

CVE-2025-52541 HIGH

Vivado - Privilege Escalation

CVE-2025-48503 HIGH

AMD Software Installer - Privilege Escalation

CVE-2025-32452 MEDIUM

AI Playground <2.6.1 beta - Privilege Escalation

Previous Page 3 of 46 Next

Details

Vulnerabilities 1,133

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy