CWE-427

Uncontrolled Search Path Element

Base · Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 19 of 19
  • CVE-2025-30167 · Jun 3, 2025
    risk 0.00 · cvss · epss 0.00

    Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow…

  • CVE-2024-10389 · Nov 4, 2024
    risk 0.00 · cvss · epss 0.00

    There exists a path traversal vulnerability in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS). This allows attackers to write arbitrary files via archive extraction containing symbolic links. We recommend upgrading past…

  • CVE-2024-39613 · Sep 16, 2024
    risk 0.00 · cvss · epss 0.00

    Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.

  • CVE-2024-27303 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.00

    electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects electron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec…

  • CVE-2023-31543 · Jun 30, 2023
    risk 0.00 · cvss · epss 0.01

    A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.

  • CVE-2023-0247 · Jan 12, 2023
    risk 0.00 · cvss · epss 0.00

    Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

  • CVE-2022-39286 · Oct 26, 2022
    risk 0.00 · cvss · epss 0.01

    Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows…

  • CVE-2021-3840 · Nov 12, 2021
    risk 0.00 · cvss · epss 0.02

    A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPI). MITRE…

  • CVE-2021-36753 · Jul 15, 2021
    risk 0.00 · cvss · epss 0.00

    sharkdp BAT before 0.18.2 executes less.exe from the current working directory.

  • CVE-2021-36376 · Jul 13, 2021
    risk 0.00 · cvss · epss 0.00

    dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.

  • CVE-2021-28955 · Mar 22, 2021
    risk 0.00 · cvss · epss 0.02

    git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).

  • CVE-2020-27348 · Dec 4, 2020
    risk 0.00 · cvss · epss 0.01

    In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to…

  • CVE-2020-24356 · Oct 2, 2020
    risk 0.00 · cvss · epss 0.00

    `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user.…

  • CVE-2019-3881 · Sep 4, 2020
    risk 0.00 · cvss · epss 0.01

    Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an…

  • CVE-2020-13110 · May 16, 2020
    risk 0.00 · cvss · epss 0.01

    The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.

  • CVE-2005-1632 · May 17, 2005
    risk 0.00 · cvss · epss 0.00

    Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.

  • CVE-2005-0457 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory.