VYPR

CWE-427

Uncontrolled Search Path Element

Base · Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

  • CVE-2017-6517 · Cri · Mar 23, 2017
    risk 0.67 · cvss 9.8 · epss 0.46

    Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the…

  • CVE-2025-69599 · Cri · May 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.

  • CVE-2019-25268 · Cri · Jan 8, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious…

  • CVE-2023-53959 · Cri · Dec 19, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve…

  • CVE-2018-12805 · Cri · Jul 20, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2017-3097 · Cri · Jun 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3092 · Cri · Jun 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.09

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3090 · Cri · Jun 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.09

    Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

  • CVE-2025-13051 · Cri · Nov 19, 2025
    risk 0.60 · cvss · epss 0.00

    When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account,…

  • CVE-2025-34109 · Hig · Jul 15, 2025
    risk 0.59 · cvss · epss 0.00

    PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code…

  • CVE-2025-30248 · Hig · Jan 26, 2026
    risk 0.58 · cvss · epss 0.01

    DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.

  • CVE-2026-7870 · Hig · Jun 11, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

  • CVE-2026-40342 · Cri · Apr 17, 2026
    risk 0.57 · cvss 9.9 · epss 0.01

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated…

  • CVE-2026-30478 · Hig · Apr 9, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.

  • CVE-2025-9164 · Hig · Oct 27, 2025
    risk 0.57 · cvss · epss 0.00

    Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This…

  • CVE-2025-9844 · Hig · Sep 23, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6.

  • CVE-2025-9059 · Hig · Sep 11, 2025
    risk 0.57 · cvss · epss 0.00

    The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking.

  • CVE-2024-2208 · Hig · Nov 12, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.

  • CVE-2017-7966 · Hig · Jun 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.

  • CVE-2025-59889 · Hig · Oct 14, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download…