VYPR

CWE-427

Uncontrolled Search Path Element

Abstraction: Base · Status: Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 2 of 19
  • CVE-2024-9499 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9498 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9497 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9496 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9495 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9494 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9493 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9492 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9491 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9490 · High · Jan 24, 2025
    risk 0.56 · cvss 8.6 · epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2026-5064 · High · Jun 15, 2026
    risk 0.55 · cvss n/a · epss 0.00

    Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities.

  • CVE-2026-11967 · High · Jun 12, 2026
    risk 0.55 · cvss n/a · epss 0.00

    MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location…

  • CVE-2026-11879 · High · Jun 12, 2026
    risk 0.55 · cvss n/a · epss 0.00

    MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this…

  • CVE-2026-7373 · High · May 15, 2026
    risk 0.55 · cvss n/a · epss 0.00

    Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL…

  • CVE-2026-21661 · High · May 6, 2026
    risk 0.55 · cvss n/a · epss 0.00

    Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.

  • CVE-2022-50808 · High · Jan 13, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service…

  • CVE-2025-12852 · High · Nov 19, 2025
    risk 0.55 · cvss n/a · epss 0.00

    DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Versions allows an attacker to manipulate the PC environment to cause unintended operations on the user's device.

  • CVE-2025-61161 · High · Oct 29, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a…

  • CVE-2025-56383 · High · Sep 26, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by…

  • CVE-2024-13976 · High · Jul 25, 2025
    risk 0.55 · cvss n/a · epss 0.00

    A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code…