Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427

CVE-2022-1824 HIGH

McAfee Consumer Product Removal Tool < 10.4.128 - Uncontrolled Search Path Element via Sideloading Attack

CVE-2022-22788 HIGH

Zoom Meetings and Rooms < 5.10.3 - DLL Injection via Zoom Opener Installer

CVE-2022-24077 HIGH

Naver Cloud Explorer Beta - Code Injection

CVE-2022-29092 HIGH

Dell SupportAssist Client Consumer <3.11.0 & Commercial <3.2.0 - Pr...

CVE-2022-30744 MEDIUM

Samsung Kies < 2.6.4.22043_1 - DLL Hijacking via KiesWrapper

CVE-2022-30701 HIGH

Trend Micro Apex One/Apex One as a Service - Privilege Escalation

CVE-2022-28394 HIGH

Trend Micro Password Manager <3.7.0.1223 - DLL Injection

CVE-2022-23050 HIGH

ManageEngine Applications Manager 15.0-15.5 - Authenticated DLL Hijacking via Upload Files Functionality

CVE-2022-31467 HIGH

Quick Heal Total Security <12.1.1.27 - Privilege Escalation

CVE-2022-28965 MEDIUM

Avast Premium Security <v21.11.2500 - RCE/DoS

CVE-2022-30697 HIGH

Acronis Snap Deploy <build 3640 - Privilege Escalation

CVE-2022-30696 HIGH

Acronis Snap Deploy <3640 - Privilege Escalation

CVE-2022-22139 HIGH

Intel(R) XTU <7.3.0.33 - Privilege Escalation

CVE-2022-28247 MEDIUM

Adobe Acrobat/Reader DC < 22.001.20085 & < 17.012.30205 - Local Privilege Escalation via Uncontrolled Search Path

CVE-2022-0025 MEDIUM

Cortex XDR Agent 7.7.0 - Authenticated Local Privilege Escalation via Uncontrolled Search Path

CVE-2022-28714 HIGH

F5 BIG-IP APM <16.1.2.2, <15.1.5.1, <14.1.4.6, <13.1.5, <=12.1.x, <...

CVE-2022-28792 MEDIUM

Gear IconX PC Manager <2.1.220405.51 - RCE

CVE-2022-0192 HIGH

Lenovo PCManager <4.0.40.2175 - Privilege Escalation

CVE-2022-24767 HIGH

Git for Windows Uninstaller < - DLL Hijacking

CVE-2022-24765 MEDIUM

Git for Windows < 2.35.2 - Uncontrolled Search Path Element via Git Directory Search

CVE-2022-23449 HIGH

SIMATIC Energy Manager Basic and PRO < 7.3 Update 1 - DLL Hijacking via Uncontrolled Search Path

CVE-2022-28779 MEDIUM

Samsung Android USB Driver <1.7.50 - Code Injection

CVE-2022-28541 MEDIUM

Samsung Update < 3.0.77.0 - Unauthenticated Arbitrary Code Execution via Uncontrolled Search Path

CVE-2022-27843 MEDIUM

Samsung Kies < 2.6.4.22014_2 - DLL Hijacking

CVE-2022-27842 MEDIUM

Samsung Smart Switch PC < 4.2.22022_4 - DLL Hijacking

Previous Page 30 of 47 Next

Details

Vulnerabilities 1,172

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy