CWE-426: Untrusted Search Path
528 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-426 (page 1 of 11)
- CVE-2008-3357 | NONE | CVSS 0.0 | EG 0.0 | 2008-08-05
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "…
- CVE-2008-5983 | NONE | CVSS 0.0 | EG 0.0 | 2009-01-28
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might all…
- CVE-2009-0314 | NONE | CVSS 0.0 | EG 0.0 | 2009-01-28
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2…
- CVE-2010-3159 | NONE | CVSS 0.0 | EG 0.0 | 2010-10-25
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
- CVE-2010-3190 | HIGH | CVSS 7.8 | EG 7.8 | 2010-08-31
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Ser…
- CVE-2010-4831 | NONE | CVSS 0.0 | EG 0.0 | 2011-09-06
Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.
- CVE-2010-4833 | NONE | CVSS 0.0 | EG 0.0 | 2011-09-06
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than C…
- CVE-2010-5250 | NONE | CVSS 0.0 | EG 0.0 | 2012-09-07
Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE…
- CVE-2011-2019 | NONE | CVSS 0.0 | EG 0.0 | 2011-12-14
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstr…
- CVE-2011-3640 | NONE | CVSS 0.0 | EG 0.0 | 2011-10-28
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level direct…
- CVE-2011-3691 | NONE | CVSS 0.0 | EG 0.0 | 2011-09-27
Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.
- CVE-2011-4125 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-10-27
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
- CVE-2011-5158 | NONE | CVSS 0.0 | EG 0.0 | 2012-09-07
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvIn…
- CVE-2012-1854 | HIGH | CVSS 7.8 | EG 9.0 | ⚠ KEV | 2012-07-10
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users…
- CVE-2012-2040 | NONE | CVSS 0.0 | EG 0.0 | 2012-06-09
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x…
- CVE-2013-2773 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-14
Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution
- CVE-2013-3494 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-12
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code.
- CVE-2013-3942 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-11
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability
- CVE-2014-0315 | NONE | CVSS 0.0 | EG 0.0 | 2014-04-08
Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT…
- CVE-2014-3860 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-12
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
- CVE-2015-0096 | NONE | CVSS 0.0 | EG 9.0 | 2015-03-11
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows loc…
- CVE-2016-10009 | HIGH | CVSS 7.3 | EG 7.3 | 2017-01-05
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
- CVE-2016-10837 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-01
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
- CVE-2016-6593 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-08
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
- CVE-2017-12580 | HIGH | CVSS 7.8 | EG 7.8 | 2020-03-02
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This…
- CVE-2017-15913 | HIGH | CVSS 7.8 | EG 7.8 | 2018-01-08
The Installer in Whale allows DLL hijacking.
- CVE-2017-1711 | HIGH | CVSS 7.8 | EG 7.8 | 2018-02-13
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a Windows DLL in the temp directory. IBM X-Force ID: 134532.
- CVE-2017-20123 | HIGH | CVSS 8.8 | EG 7.8 | 2022-06-30
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. T…
- CVE-2017-2802 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-24
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PAT…
- CVE-2017-5696 | HIGH | CVSS 7.8 | EG 7.8 | 2018-01-18
Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.
- CVE-2017-7327 | HIGH | CVSS 7.8 | EG 7.8 | 2018-01-19
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
- CVE-2017-7755 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-11
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack onl…
- CVE-2018-0507 | HIGH | CVSS 7.8 | EG 7.8 | 2018-01-26
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a…
- CVE-2018-0515 | HIGH | CVSS 7.8 | EG 7.8 | 2018-02-16
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0516 | HIGH | CVSS 7.8 | EG 7.8 | 2018-02-16
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0517 | HIGH | CVSS 7.8 | EG 7.8 | 2018-02-08
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0540 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-22
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0543 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-09
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0544 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-09
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0552 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-22
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0561 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-16
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0562 | HIGH | CVSS 7.8 | EG 7.8 | 2018-04-16
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0563 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker…
- CVE-2018-0580 | HIGH | CVSS 7.8 | EG 7.8 | 2018-05-14
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, …
- CVE-2018-0592 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0593 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0594 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0595 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0596 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0597 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.