VYPR

CWE-426

Untrusted Search Path

Abstraction: Base | Status: Stable | Likelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (355)

page 17 of 18
  • CVE-2026-25992 (Feb 10, 2026)
    risk 0.00 | cvss | epss 0.01

    SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case…

  • CVE-2026-23888 (Jan 26, 2026)
    risk 0.00 | cvss | epss 0.00

    pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../`…

  • CVE-2025-49124 (Jun 16, 2025)
    risk 0.00 | cvss | epss 0.00

    Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from…

  • CVE-2025-30399 (Jun 13, 2025)
    risk 0.00 | cvss | epss 0.01

    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

  • CVE-2025-1398 (Mar 17, 2025)
    risk 0.00 | cvss | epss 0.00

    Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

  • CVE-2025-1756 (Feb 27, 2025)
    risk 0.00 | cvss | epss 0.00

    mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prior to 2.3.0.

  • CVE-2025-24789 (Jan 29, 2025)
    risk 0.00 | cvss | epss 0.00

    Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an…

  • CVE-2024-53866 (Dec 10, 2024)
    risk 0.00 | cvss | epss 0.01

    The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data…

  • CVE-2023-1521 (Nov 26, 2024)
    risk 0.00 | cvss | epss 0.00

    On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package…

  • CVE-2024-27303 (Mar 6, 2024)
    risk 0.00 | cvss | epss 0.00

    electron-builder is a solution to package and build a ready-for-distribution Electron or Proton Native app for macOS, Windows and Linux. A vulnerability that only affects electron-builder prior to 24.13.2 on Windows: the NSIS installer makes a system call to open cmd.exe via NSExec…

  • CVE-2024-24810 (Feb 7, 2024)
    risk 0.00 | cvss | epss 0.00

    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework.…

  • CVE-2021-4435 (Feb 4, 2024)
    risk 0.00 | cvss | epss 0.00

    An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.

  • CVE-2024-22190 (Jan 11, 2024)
    risk 0.00 | cvss | epss 0.00

    GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those…

  • CVE-2023-26031 (Nov 16, 2023)
    risk 0.00 | cvss | epss 0.02

    Relative library resolution in the Linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows a local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop…

  • CVE-2023-40590 (Aug 28, 2023)
    risk 0.00 | cvss | epss 0.00

    GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look in the current working directory, and after that the PATH environment. GitPython defaults to using the `git` command; if a user runs GitPython from a repo has a…

  • CVE-2022-38060 (Dec 21, 2022)
    risk 0.00 | cvss | epss 0.00

    A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

  • CVE-2022-36070 (Sep 7, 2022)
    risk 0.00 | cvss | epss 0.00

    Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of…

  • CVE-2022-29970 (May 2, 2022)
    risk 0.00 | cvss | epss 0.02

    Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

  • CVE-2022-29583 (Apr 22, 2022)
    risk 0.00 | cvss | epss 0.00

    service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.

  • CVE-2022-24826 (Apr 19, 2022)
    risk 0.00 | cvss | epss 0.02

    On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems.…