Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,168 vulnerabilities with CWE-427

CVE-2025-69784 HIGH

OpenEDR 2.5.1.0 - Privilege Escalation

CVE-2025-11792 HIGH

Acronis Cyber Protect Cloud Agent <41124 - Privilege Escalation

CVE-2025-15558 HIGH

Docker CLI <=29.1.5 - Privilege Escalation

CVE-2025-54519 HIGH

AMD Vivado Documentation Navigator Installation (Windows) - DLL Hijacking

CVE-2025-52541 HIGH

AMD Vivado Installation (Windows) >=2025.2 - DLL Hijacking

CVE-2025-48503 HIGH

AMD Software Installer - Privilege Escalation

CVE-2025-32452 MEDIUM

AI Playground <2.6.1 beta - Privilege Escalation

CVE-2025-20106 MEDIUM

Intel VTune Profiler <2025.0 - Privilege Escalation

CVE-2025-15569 HIGH

Artifex MuPDF <1.26.1 - Path Traversal

CVE-2025-13919 MEDIUM

Symantec Endpoint Protection <14.3 RU10-8 - COM Hijacking

CVE-2025-30248 HIGH

WD Discovery < 5.3 - DLL Hijacking via Installer Search Path

CVE-2025-71178 HIGH

Crucial Storage Executive <11.08.082025.00 - Code Injection

CVE-2025-33231 MEDIUM

NVIDIA Nsight Systems - Code Execution

CVE-2025-33229 HIGH

NVIDIA Nsight Visual Studio for Windows - Privilege Escalation

CVE-2025-65118 HIGH

AVEVA Process Optimization < 2025 - Authenticated Privilege Escalation via Uncontrolled Search Path

CVE-2025-14625 MEDIUM

Altera Quartus Prime <24.1 - Buffer Overflow

CVE-2025-14605 MEDIUM

Altera Quartus Prime Pro <25.1.1 - Search Order Hijacking

CVE-2025-14599 MEDIUM

Altera Quartus Prime <24.1 - Buffer Overflow

CVE-2025-14596 MEDIUM

Altera Quartus Prime Pro <24.3.1 - Buffer Overflow

CVE-2025-57836 HIGH

Samsung Magician 6.3.0-8.3.2 - Uncontrolled Search Path Element via Weak Temporary Folder Permissions

CVE-2025-66835 HIGH

TrueConf Client 8.5.2 - Code Injection

CVE-2025-67450 HIGH

Eaton UPS Companion < 3.0 - Uncontrolled Search Path Element

CVE-2025-59887 HIGH

Eaton UPS Companion < 3.0 - Unauthenticated Arbitrary Code Execution via Library File Authentication Bypass

CVE-2025-14498 HIGH

TradingView Desktop - Privilege Escalation

CVE-2025-14406 HIGH

Soda PDF Desktop - Privilege Escalation

Previous Page 5 of 47 Next

Details

Vulnerabilities 1,168

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy