VYPR

CWE-427

Uncontrolled Search Path Element

Base · Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

page 4 of 19
  • CVE-2026-44612 · High · May 13, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL in the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the…

  • CVE-2026-6788 · High · May 6, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files. This issue affects WatchGuard Agent before 1.25.03.0000.

  • CVE-2026-7279 · High · Apr 28, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    AVACAST, developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL.

  • CVE-2026-32679 · High · Apr 23, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a…

  • CVE-2026-22619 · High · Apr 16, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software…

  • CVE-2026-5397 · High · Apr 15, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. …

  • CVE-2026-5055 · High · Apr 11, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2026-28704 · High · Apr 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    EmoCheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed in the same directory, arbitrary code may be executed with the privilege of the user invoking EmoCheck.

  • CVE-2025-14821 · High · Apr 7, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH…

  • CVE-2026-3775 · High · Apr 1, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and…

  • CVE-2026-22561 · High · Mar 31, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation,…

  • CVE-2026-28760 · High · Mar 26, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, arbitrary code may be executed with administrator privileges.

  • CVE-2026-25191 · High · Feb 26, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's…

  • CVE-2026-26050 · High · Feb 20, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed…

  • CVE-2026-25676 · High · Feb 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.

  • CVE-2025-48503 · High · Feb 11, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2026-25656 · High · Feb 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load…

  • CVE-2026-24694 · High · Feb 3, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.

  • CVE-2026-24016 · High · Jan 21, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with administrator privileges when the installer is executed.

  • CVE-2026-21427 · High · Jan 8, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.