VYPR

CWE-427

Uncontrolled Search Path Element

BaseDraft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 17 of 19
  • CVE-2025-49148HigJun 11, 2025
    risk 0.40cvss 7.3epss 0.00

    ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A…

  • CVE-2025-32780HigApr 15, 2025
    risk 0.40cvss 7.3epss 0.00

    BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\\AppData\Local\Microsoft\WindowsApps\,…

  • CVE-2025-1223MedFeb 20, 2025
    risk 0.40cvss 6.1epss 0.00

    An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac

  • CVE-2026-2492HigFeb 20, 2026
    risk 0.39cvss 7.0epss 0.00

    TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code…

  • CVE-2024-2207MedNov 12, 2024
    risk 0.39cvss 6.0epss 0.00

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.

  • CVE-2018-5235MedAug 22, 2018
    risk 0.39cvss 6.0epss 0.00

    Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is…

  • CVE-2026-44406MedMay 7, 2026
    risk 0.37cvss 5.7epss 0.00

    ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability;…

  • CVE-2025-26624MedFeb 18, 2025
    risk 0.37cvss epss 0.00

    Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher…

  • CVE-2024-40644MedJul 18, 2024
    risk 0.37cvss 6.8epss 0.00

    gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. `gix-path` can be tricked into running another `git.exe` placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative…

  • CVE-2026-40004MedMay 7, 2026
    risk 0.36cvss 5.5epss 0.00

    There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.

  • CVE-2024-44168MedSep 17, 2024
    risk 0.36cvss 5.5epss 0.00

    A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system.

  • CVE-2026-20772MedMay 12, 2026
    risk 0.35cvss epss 0.00

    Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high…

  • CVE-2025-36515MedMay 12, 2026
    risk 0.35cvss epss 0.00

    Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of…

  • CVE-2025-35969MedMay 12, 2026
    risk 0.35cvss epss 0.00

    Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may…

  • CVE-2025-7676MedJul 28, 2025
    risk 0.35cvss epss 0.00

    DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would…

  • CVE-2026-47274MedMay 27, 2026
    risk 0.34cvss 6.3epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process…

  • CVE-2018-12160MedSep 12, 2018
    risk 0.34cvss 5.3epss 0.00

    DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.

  • CVE-2017-5147MedSep 9, 2017
    risk 0.34cvss 5.3epss 0.00

    An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path.

  • CVE-2026-41373MedApr 28, 2026
    risk 0.33cvss 6.1epss 0.00

    OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with…

  • CVE-2025-10549MedApr 23, 2026
    risk 0.33cvss 5.1epss 0.00

    EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges,…