CWE-427
Uncontrolled Search Path Element
Base · Draft
Description
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-38 · CAPEC-471
CVEs mapped to this weakness (303)
Page 10 of 16

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2024-1182 | Hig | 0.46 | 7.0 | 0.00 | Jul 4, 2024 | Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, Hyper Historian, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature. | |
| CVE-2024-39708 | Hig | 0.46 | 7.0 | 0.00 | Jun 28, 2024 | An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. | |
| CVE-2024-0980 | Hig | 0.46 | 7.1 | 0.00 | Mar 28, 2024 | The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code. | |
| CVE-2017-9661 | Hig | 0.46 | 7.0 | 0.00 | Aug 14, 2017 | An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. | |
| CVE-2017-6051 | Hig | 0.46 | 7.0 | 0.00 | May 8, 2017 | An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | |
| CVE-2024-6769 | Med | 0.45 | 6.7 | 0.16 | Sep 26, 2024 | A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. | |
| CVE-2017-5176 | Hig | 0.45 | 7.0 | 0.00 | May 19, 2017 | A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim's affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges. | |
| CVE-2026-45004 | Hig | 0.44 | 7.8 | 0.00 | May 11, 2026 | OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious extensions/<plugin>/setup-api.js file in a repository and convincing a user to run OpenClaw commands from that directory. | |
| CVE-2026-25852 | Med | 0.44 | 6.7 | 0.00 | Apr 29, 2026 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | |
| CVE-2026-1636 | Med | 0.44 | 6.7 | 0.00 | Apr 15, 2026 | A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges. | |
| CVE-2026-40031 | Hig | 0.44 | 7.8 | 0.00 | Apr 8, 2026 | MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads. | |
| CVE-2026-28728 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2026 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | |
| CVE-2026-27774 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2026 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | |
| CVE-2025-32452 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-20106 | Med | 0.44 | 6.7 | 0.00 | Feb 10, 2026 | Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-35972 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-32038 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++/C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-32001 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-31931 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |
| CVE-2025-31647 | Med | 0.44 | 6.7 | 0.00 | Nov 11, 2025 | Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |