Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,172 vulnerabilities with CWE-427

CVE-2020-15723 HIGH

360 Total Security < 12.1.0.1004 - Local Privilege Escalation via DLL Hijacking

CVE-2020-15722 HIGH

360 Total Security < 12.1.0.1004 - Local Privilege Escalation via DLL Hijacking

CVE-2020-12423 HIGH

Firefox < 78.0 - Uncontrolled Search Path Element via webauthn.dll

CVE-2020-9100 HIGH

HiSuite < 10.1.0.500 - DLL Hijacking via Improper DLL Loading

CVE-2020-15523 HIGH

Python 3.6-3.6.10, 3.7-3.7.8, 3.8-3.8.4rc1, 3.9-3.9.0b4 Windows - Uncontrolled Search Path

CVE-2020-13279 HIGH

GitLab-Visual Studio Code Extension <2.2.0 - RCE

CVE-2020-11613 HIGH

Mids' Reborn Hero Designer 2.6.0.7 - Uncontrolled Search Path Element via Insecure Installation Folder Permissions

CVE-2020-7585 HIGH

SIMATIC PCS 7, SIMATIC PDM, SIMATIC STEP 7, SINAMICS STARTER - DLL Hijacking

CVE-2020-9858 HIGH

Windows Migration Assistant < 2.2.0.0 - Unauthenticated Arbitrary Code Execution via Dynamic Library Loading

CVE-2020-5357 HIGH

Dell Dock Firmware Update Utilities < 1.0.14 - Arbitrary File Overwrite via Symlink

CVE-2020-13110 HIGH

kerberos < 1.0.0 - Uncontrolled Search Path Element via LoadLibrary()

CVE-2020-10616 HIGH

Opto 22 SoftPAC <9.6 - Code Injection

CVE-2020-10626 HIGH

Fazecast jSerialComm <2.2.2 - Code Injection

CVE-2020-6244 HIGH

SAP Business Client 7.0 - Code Injection

CVE-2020-5740 HIGH

Plex Media Server < 1.19.1.2701 - Unauthenticated Arbitrary Python Code Execution via Improper Input Validation

CVE-2020-8895 HIGH

Google Earth < 7.3.3 - Unauthenticated Remote Code Execution via Untrusted Search Path

CVE-2020-10515 CRITICAL

STARFACE UCC Client <6.7.1.204 - Code Injection

CVE-2020-8146 HIGH

UniFi Video <3.10.2 - Privilege Escalation

CVE-2020-3803 HIGH

Adobe Acrobat and Reader <2020.006.20034 - Privilege Escalation

CVE-2020-10649 HIGH

ASUS Device Activation <1.0.7.0 - RCE

CVE-2020-7474 HIGH

ProSoft Configurator < 1.002 - Untrusted Code Execution via DLL Search Path

CVE-2020-9290 HIGH

FortiClient < 6.2.3 - Uncontrolled Search Path Element via Malicious Filter Library DLL

CVE-2020-9287 HIGH

FortiClient EMS < 6.2.1 - Unauthenticated Arbitrary Code Execution via Filter Library DLL Hijacking

CVE-2020-8469 HIGH

Trend Micro Password Manager <5.0 - Privilege Escalation

CVE-2020-0565 HIGH

Intel Graphics Driver < 26.20.100.7158 - Authenticated Privilege Escalation via Uncontrolled Search Path

Previous Page 40 of 47 Next

Details

Vulnerabilities 1,172

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy