VYPR

CWE-426

Untrusted Search Path

Base | Stable | Likelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (355)

page 13 of 18
  • CVE-2026-4546 | High | Mar 22, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attack requires a high level of…

  • CVE-2026-4545 | High | Mar 22, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The attack is only possible with local access. The attack is considered to have high…

  • CVE-2026-3787 | High | Mar 8, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is…

  • CVE-2026-2542 | High | Feb 16, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible to launch the attack on…

  • CVE-2026-2538 | High | Feb 16, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is…

  • CVE-2026-2516 | High | Feb 15, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly…

  • CVE-2025-15569 | High | Feb 10, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high…

  • CVE-2025-13433 | High | Nov 20, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an unknown function of the file C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe of the component Windows Service. The manipulation results in…

  • CVE-2025-12286 | High | Oct 27, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of…

  • CVE-2025-12247 | High | Oct 27, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity…

  • CVE-2025-11940 | High | Oct 19, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of…

  • CVE-2025-9267 | High | Sep 26, 2025
    risk 0.46 | cvss | epss 0.00

    In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their origin or integrity. This behavior can be exploited by placing a malicious DLL in…

  • CVE-2025-9016 | High | Aug 15, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to…

  • CVE-2025-9000 | High | Aug 15, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The…

  • CVE-2025-4769 | High | May 16, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is…

  • CVE-2025-4532 | High | May 11, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access…

  • CVE-2025-4455 | High | May 9, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscm…

  • CVE-2025-4272 | High | May 5, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService.…

  • CVE-2025-1804 | High | Mar 1, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached…

  • CVE-2025-1353 | High | Feb 16, 2025
    risk 0.46 | cvss 7.0 | epss 0.00

    A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is…