VYPR

CWE-427

Uncontrolled Search Path Element

BaseDraft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 13 of 19
  • CVE-2025-30506MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code…

  • CVE-2025-30182MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack…

  • CVE-2025-25059MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity…

  • CVE-2025-24842MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the Intel(R) System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable local code…

  • CVE-2025-24491MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Killer(TM) Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high…

  • CVE-2025-20065MedNov 11, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable…

  • CVE-2025-55671HigSep 5, 2025
    risk 0.44cvss 7.8epss 0.00

    Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.

  • CVE-2025-27717MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access

  • CVE-2025-26404MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-24923MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-22838MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-21093MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20627MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20092MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20048MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20017MedAug 12, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-1729MedJul 17, 2025
    risk 0.44cvss 6.7epss 0.00

    A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.

  • CVE-2025-21099MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20108MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-20043MedMay 13, 2025
    risk 0.44cvss 6.7epss 0.00

    Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access.