VYPR

CWE-427

Uncontrolled Search Path Element

Base · Draft

Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-38 · CAPEC-471

CVEs mapped to this weakness (377)

  • CVE-2026-4134 · High · Apr 15, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.

  • CVE-2026-4158 · High · Apr 11, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged…

  • CVE-2026-2040 · High · Feb 20, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute…

  • CVE-2025-54519 · High · Feb 12, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2025-52541 · High · Feb 11, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

  • CVE-2026-21408 · High · Jan 27, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.

  • CVE-2026-0776 · High · Jan 23, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2025-5470 · High · Dec 9, 2025
    risk 0.47 · cvss n/a · epss 0.00

    Uncontrolled Search Path Element vulnerability in Yandex Disk on macOS allows Search Order Hijacking. This issue affects Disk: before 3.2.45.3275.

  • CVE-2025-5469 · High · Dec 9, 2025
    risk 0.47 · cvss n/a · epss 0.00

    Uncontrolled Search Path Element vulnerability in Yandex Messenger on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.245.

  • CVE-2025-64726 · High · Nov 13, 2025
    risk 0.47 · cvss n/a · epss 0.00

    Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary code execution when run in…

  • CVE-2025-27237 · High · Oct 3, 2025
    risk 0.47 · cvss n/a · epss 0.00

    In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

  • CVE-2025-11178 · High · Sep 30, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for SanDisk (Windows) before build 42679,…

  • CVE-2024-13946 · Medium · May 22, 2025
    risk 0.47 · cvss 6.8 · epss 0.01

    DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-57964 · High · Feb 18, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Insecure loading of Dynamic Link Libraries has been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects HVAC Energy Saving Program:.

  • CVE-2024-57963 · High · Feb 18, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Insecure loading of Dynamic Link Libraries has been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitrary code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:.

  • CVE-2023-31361 · High · Feb 11, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

  • CVE-2024-57426 · High · Feb 6, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.

  • CVE-2024-45246 · High · Oct 6, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

  • CVE-2024-2637 · High · May 14, 2024
    risk 0.47 · cvss 7.2 · epss 0.00

    An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial…

  • CVE-2018-11049 · High · Jul 11, 2018
    risk 0.47 · cvss 7.3 · epss 0.00

    RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user…