Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-427

CWE-427

Uncontrolled Search Path Element

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

1,168 vulnerabilities with CWE-427

CVE-2025-14405 MEDIUM

PDFsam Enhanced - Privilege Escalation

CVE-2025-53000 HIGH

jupyter/nbconvert <= 7.16.6 - Unauthenticated Remote Code Execution via SVG to PDF Conversion

CVE-2025-13670 MEDIUM

Intel High Level Synthesis Compiler < 24.3 - DLL Planting via i++ Command

CVE-2025-13669 MEDIUM

Intel High Level Synthesis Compiler 19.1-24.3 - Search Order Hijacking via Uncontrolled Search Path Element

CVE-2025-13665 MEDIUM

Intel Quartus Prime < 24.1 - DLL Planting in System Console Utility

CVE-2025-13668 MEDIUM

Intel Quartus Prime Pro Edition < 25.1 - Privilege Escalation via Uncontrolled Search Path

CVE-2025-13664 MEDIUM

Intel Quartus Prime < 24.1 - Privilege Escalation via Uncontrolled Search Path Element

CVE-2025-64995 MEDIUM

TeamViewer DEX < 3.4 - Privilege Escalation via 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting Instruction

CVE-2025-64994 MEDIUM

TeamViewer DEX < 17.1 - Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate

CVE-2025-34424 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAIDP.DLL Loading

CVE-2025-34423 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAIAU.DLL Loading

CVE-2025-34422 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAIPC.DLL Loading

CVE-2025-34421 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAISP.DLL Loading

CVE-2025-34420 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAIAM.DLL Loading

CVE-2025-34419 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAISM.DLL Loading

CVE-2025-34418 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAIMF.DLL Loading

CVE-2025-34417 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAISO.DLL Loading

CVE-2025-34416 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAIPO.DLL Loading

CVE-2025-13152 HIGH

Lenovo One Client - Privilege Escalation

CVE-2025-12046 HIGH

Lenovo App Store/Browser - Privilege Escalation

CVE-2025-65741 CRITICAL

Sublime Text 3 <3208 - Code Injection

CVE-2025-34396 HIGH

MailEnable < 10.54 - Uncontrolled Search Path Element via MEAINFY.DLL Loading

CVE-2025-5471 HIGH

Yandex Telemost <2.19.1 - Search Order Hijacking

CVE-2025-5470 HIGH

Yandex Disk <3.2.45.3275 - Search Order Hijacking

CVE-2025-5469 HIGH

Yandex Messenger <2.245 - Search Order Hijacking

Previous Page 6 of 47 Next

Details

Vulnerabilities 1,168

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy