VYPR

CWE-427

Uncontrolled Search Path Element

Base · Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 3 of 19
  • CVE-2024-11859 · High · Apr 7, 2025
    risk 0.55 · cvss · epss 0.02

    DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.

  • CVE-2024-2658 · High · Jan 30, 2025
    risk 0.55 · cvss · epss 0.00

    A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and…

  • CVE-2017-7884 · High · Jun 16, 2017
    risk 0.55 · cvss 8.4 · epss 0.00

    In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will…

  • CVE-2017-16777 · High · Nov 16, 2017
    risk 0.54 · cvss 7.8 · epss 0.01

    If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

  • CVE-2017-12579 · High · Oct 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.01

    An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.

  • CVE-2014-8393 · High · Aug 29, 2017
    risk 0.54 · cvss 7.8 · epss 0.08

    DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.

  • CVE-2017-12653 · High · Aug 7, 2017
    risk 0.54 · cvss 7.8 · epss 0.02

    360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.

  • CVE-2026-34632 · High · Apr 15, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search…

  • CVE-2025-23358 · High · Nov 4, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.

  • CVE-2025-23309 · High · Oct 10, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.

  • CVE-2026-32172 · High · Apr 23, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

  • CVE-2026-2361 · High · Feb 11, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser…

  • CVE-2026-2360 · High · Feb 11, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. This operator will later be executed with superuser privileges when the extension is…

  • CVE-2026-50100 · High · Jun 15, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using…

  • CVE-2026-10847 · High · Jun 11, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process.…

  • CVE-2026-8637 · High · Jun 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.

  • CVE-2026-36574 · High · Jun 3, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

  • CVE-2023-52945 · High · May 27, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.

  • CVE-2025-41670 · High · May 27, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not…

  • CVE-2024-36333 · High · May 15, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.