VYPR

CWE-426

Untrusted Search Path

BaseStableLikelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (355)

page 2 of 18
  • CVE-2024-48123HigJan 15, 2025
    risk 0.55cvss 8.4epss 0.00

    An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.

  • CVE-2018-1487HigJul 10, 2018
    risk 0.55cvss 8.4epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID:…

  • CVE-2018-12589HigJun 28, 2018
    risk 0.55cvss 7.8epss 0.20

    Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.

  • CVE-2017-2214HigJun 9, 2017
    risk 0.55cvss 8.4epss 0.02

    Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

  • CVE-2016-5330HigAug 8, 2016
    risk 0.55cvss 7.8epss 0.18

    Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local…

  • CVE-2014-8358HigDec 11, 2017
    risk 0.54cvss 7.8epss 0.05

    Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM…

  • CVE-2017-7642HigAug 2, 2017
    risk 0.54cvss 7.8epss 0.01

    The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

  • CVE-2024-58250CriApr 22, 2025
    risk 0.53cvss 9.3epss 0.00

    The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.

  • CVE-2024-32019HigApr 12, 2024
    risk 0.53cvss 8.8epss 0.01

    Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID…

  • CVE-2026-11400HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted…

  • CVE-2026-45721CriMay 26, 2026
    risk 0.52cvss 9.0epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named…

  • CVE-2025-31480CriApr 4, 2025
    risk 0.52cvss 9.1epss 0.00

    aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should…

  • CVE-2024-8733HigOct 2, 2024
    risk 0.52cvss 8.0epss 0.00

    A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

  • CVE-2026-48565HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

  • CVE-2026-24064HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the…

  • CVE-2026-30906HigMay 13, 2026
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

  • CVE-2026-35368HigApr 22, 2026
    risk 0.51cvss 7.8epss 0.00

    A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service…

  • CVE-2026-2998HigFeb 23, 2026
    risk 0.51cvss 7.8epss 0.00

    ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code.

  • CVE-2025-64785HigDec 9, 2025
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a…

  • CVE-2025-0707HigJan 24, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be approached locally.