Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427

CVE-2022-25154 HIGH

Samsung T5 Firmware < 1.6.9 - DLL Hijacking

CVE-2022-1098 HIGH

Delta Electronics DIAEnergie < 1.8.02.004 - DLL Hijacking

CVE-2022-24426 HIGH

Dell Command | Update <4.4.0 - Privilege Escalation

CVE-2022-28128 HIGH

AttacheCase < 3.6.1.0 - Uncontrolled Search Path Element via Trojan Horse DLL

CVE-2022-25348 HIGH

AttacheCase < 4.0.2.7 - Uncontrolled Search Path Element via Trojan Horse DLL

CVE-2022-22996 HIGH

SanDisk Professional G-RAID 4/8 Software Utility <300520006-2 and Driver <6.2.0.16-2 - DLL Hijacking

CVE-2022-26511 HIGH

WPS Presentation <11.8.0.5745 - Buffer Overflow

CVE-2022-26081 HIGH

WPS Office <10.8.0.5745 - Code Injection

CVE-2022-25969 HIGH

WPS Office <10.8.0.6186 - Code Injection

CVE-2022-20001 HIGH

fish 3.1.0-3.3.1 - Arbitrary Code Execution via Git Repository Configuration

CVE-2022-23401 HIGH

Yokogawa CENTUM CS 3000 R3.08.10-R3.09.00 and CENTUM VP R4.01.00-R4.03.00 - Uncontrolled Search Path Element

CVE-2022-26337 HIGH

Trend Micro Password Manager (Consumer) <5.0.0.1262 - Buffer Overflow

CVE-2022-26319 MEDIUM

Trend Micro Portable Security <3.0 Pro, 2.0 - Privilege Escalation

CVE-2022-22943 MEDIUM

VMware Tools 10.0.0-11.x.y - Uncontrolled Search Path Element

CVE-2022-23202 HIGH

Adobe Creative Cloud Desktop < 2.7.0.13 - Uncontrolled Search Path Element

CVE-2022-23410 HIGH

AXIS IP Utility < 4.18.0 - Remote Code Execution and Local Privilege Escalation via DLL Hijacking

CVE-2022-23853 HIGH

KDE Kate <21.12.2 & KTextEditor <5.91.0 - Path Traversal

CVE-2022-0483 HIGH

Acronis VSS Doctor <build 53 - Privilege Escalation

CVE-2022-24955 CRITICAL

Foxit PDF Reader < 11.1.0.52543 and PDF Editor < 10.1.6.37749 - Uncontrolled Search Path Element for DLL Files

CVE-2022-22528 HIGH

SAP ASE <16.0 - Privilege Escalation

CVE-2022-0166 HIGH

McAfee Agent <5.7.5 - Privilege Escalation

CVE-2022-0015 HIGH

Cortex XDR Agent 5.0-5.0.11 and 6.1-6.1.8 - Authenticated Local Privilege Escalation via Uncontrolled Search Path

CVE-2022-0129 HIGH

McAfee TechCheck <4.0.0.2 - Privilege Escalation

CVE-2022-21668 HIGH

pipenv 2018.10.9-2022.1.8 - Remote Code Execution via Malicious Requirements File Comment

CVE-2021-22280 HIGH

B&R Automation Studio 4.0-4.11 - Authenticated Uncontrolled Search Path Element

Previous Page 31 of 47 Next

Details

Vulnerabilities 1,172

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy