VYPR

CWE-427

Uncontrolled Search Path Element

BaseDraft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 18 of 19
  • CVE-2025-48496MedJul 11, 2025
    risk 0.33cvss 5.1epss 0.00

    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

  • CVE-2024-45405MedSep 6, 2024
    risk 0.32cvss 6.0epss 0.00

    `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly…

  • CVE-2018-12163MedSep 12, 2018
    risk 0.31cvss 4.8epss 0.01

    A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.

  • CVE-2025-13919MedJan 28, 2026
    risk 0.29cvss 4.4epss 0.00

    Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the…

  • CVE-2026-12003MedJun 16, 2026
    risk 0.27cvss epss 0.00

    To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the…

  • CVE-2023-51710MedApr 29, 2024
    risk 0.27cvss 4.2epss 0.00

    EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.

  • CVE-2017-12266MedOct 5, 2017
    risk 0.27cvss 4.2epss 0.00

    A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the…

  • CVE-2026-45003MedMay 11, 2026
    risk 0.26cvss 5.0epss 0.00

    OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

  • CVE-2025-10939LowOct 28, 2025
    risk 0.24cvss 3.7epss 0.00

    A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application…

  • CVE-2024-47576LowDec 10, 2024
    risk 0.21cvss 3.3epss 0.00

    SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious…

  • CVE-2025-14575LowMay 19, 2026
    risk 0.12cvss epss 0.00

    An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working…

  • CVE-2020-27955Nov 5, 2020
    risk 0.10cvss epss 0.83

    Git LFS 2.12.0 allows Remote Code Execution.

  • CVE-2026-29610Mar 5, 2026
    risk 0.00cvss epss 0.00

    OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to…

  • CVE-2026-28456Mar 5, 2026
    risk 0.00cvss epss 0.00

    OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import(), allowing code execution. An attacker with gateway configuration modification…

  • CVE-2026-28393Mar 5, 2026
    risk 0.00cvss epss 0.00

    OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings[].transform.module parameter accepts absolute paths and traversal sequences, enabling attackers…

  • CVE-2025-15558Mar 4, 2026
    risk 0.00cvss epss 0.00

    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that…

  • CVE-2026-25129Jan 30, 2026
    risk 0.00cvss epss 0.00

    PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a `.psysh.php` file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a…

  • CVE-2025-53000Dec 17, 2025
    risk 0.00cvss epss 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized…

  • CVE-2025-4981Jun 20, 2025
    risk 0.00cvss epss 0.01

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with…

  • CVE-2025-5981Jun 18, 2025
    risk 0.00cvss epss 0.00

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.