VYPR

CWE-427

Uncontrolled Search Path Element

Base · Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 11 of 19
  • CVE-2025-0712 · High · Jul 30, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete…

  • CVE-2025-1700 · High · Jul 17, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.

  • CVE-2025-2272 · High · May 22, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process. This issue affects FIE Endpoint: before 25.05.

  • CVE-2025-4769 · High · May 16, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is…

  • CVE-2025-4532 · High · May 11, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled search path. Local access…

  • CVE-2025-4455 · High · May 9, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscm…

  • CVE-2025-4272 · High · May 5, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService.…

  • CVE-2024-12530 · High · Apr 17, 2025
    risk 0.46 · cvss · epss 0.00

    Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading. This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the…

  • CVE-2025-1804 · High · Mar 1, 2025
    risk 0.46 · cvss 7.0 · epss 0.00

    A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached…

  • CVE-2024-1182 · High · Jul 4, 2024
    risk 0.46 · cvss 7.0 · epss 0.00

    Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric MC Works64 all versions,…

  • CVE-2024-39708 · High · Jun 28, 2024
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege…

  • CVE-2024-0980 · High · Mar 28, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.

  • CVE-2018-5457 · High · Feb 6, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    An uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target…

  • CVE-2017-9661 · High · Aug 14, 2017
    risk 0.46 · cvss 7.0 · epss 0.01

    An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in…

  • CVE-2017-5176 · High · May 19, 2017
    risk 0.46 · cvss 7.0 · epss 0.01

    A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE,…

  • CVE-2017-6051 · High · May 8, 2017
    risk 0.46 · cvss 7.0 · epss 0.01

    An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in…

  • CVE-2024-6769 · Medium · Sep 26, 2024
    risk 0.45 · cvss 6.7 · epss 0.01

    A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process…

  • CVE-2024-22451 · Medium · Jun 16, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contains an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious executable, leading to arbitrary code execution.

  • CVE-2024-22447 · Medium · Jun 16, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Dell Peripheral Manager, versions prior to 1.7.3, contains an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading a malicious DLL, leading to arbitrary code execution.

  • CVE-2026-53813 · High · Jun 11, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations,…