CWE-427: Uncontrolled Search Path Element
1,094 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-427 (page 14 of 22)
- CVE-2023-5463 | HIGH | CVSS 7.8 | EG 7.8 | 2023-10-09
A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to …
- CVE-2023-6132 | HIGH | CVSS 7.3 | EG 7.3 | 2024-02-29
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.
- CVE-2023-6235 | HIGH | CVSS 7.8 | EG 7.8 | 2023-11-21
An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directo…
- CVE-2023-6338 | HIGH | CVSS 7.8 | EG 7.8 | 2024-01-03
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
- CVE-2023-6401 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-11-30
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approac…
- CVE-2023-6740 | HIGH | CVSS 8.8 | EG 8.8 | 2024-01-12
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
- CVE-2023-6891 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-12-17
A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncont…
- CVE-2024-0670 | HIGH | CVSS 8.8 | EG 8.8 | 2024-03-11
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
- CVE-2024-0980 | HIGH | CVSS 7.1 | EG 7.1 | 2024-03-28
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.
- CVE-2024-10068 | HIGH | CVSS 7.8 | EG 7.8 | 2024-10-17
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled sear…
- CVE-2024-10093 | HIGH | CVSS 7.8 | EG 7.8 | 2024-10-17
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attac…
- CVE-2024-10389 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-04
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading…
- CVE-2024-10930 | HIGH | CVSS 7.8 | EG 7.8 | 2025-03-04
An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.
- CVE-2024-1182 | HIGH | CVSS 7.0 | EG 7.0 | 2024-07-04
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsu…
- CVE-2024-11859 | HIGH | CVSS 8.4 | EG 0.0 | 2025-04-07
DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code.
- CVE-2024-12530 | HIGH | CVSS 7.0 | EG 0.0 | 2025-04-17
Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading. This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious…
- CVE-2024-13946 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-05-22
DLLs are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Serie…
- CVE-2024-13976 | HIGH | CVSS 8.5 | EG 0.0 | 2025-07-25
A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loadin…
- CVE-2024-1595 | HIGH | CVSS 7.8 | EG 7.8 | 2024-02-29
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.
- CVE-2024-20338 | HIGH | CVSS 7.3 | EG 7.3 | 2024-03-06
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled s…
- CVE-2024-20366 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-15
A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected dev…
- CVE-2024-20430 | HIGH | CVSS 7.3 | EG 7.3 | 2024-09-12
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory s…
- CVE-2024-21766 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21769 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21772 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21774 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21777 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21784 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21788 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21814 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21818 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21830 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-02-12
Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21831 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21837 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21841 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21843 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21857 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21861 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-21862 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-2207 | MEDIUM | CVSS 6.0 | EG 6.0 | 2024-11-12
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the …
- CVE-2024-2208 | HIGH | CVSS 8.8 | EG 8.8 | 2024-11-12
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the …
- CVE-2024-22167 | HIGH | CVSS 7.9 | EG 7.9 | 2024-03-13
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has a…
- CVE-2024-22184 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-22346 | HIGH | CVSS 8.4 | EG 8.4 | 2024-03-14
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-For…
- CVE-2024-22376 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-22379 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-05-16
Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-22450 | HIGH | CVSS 7.4 | EG 7.4 | 2024-04-10
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.
- CVE-2024-23054 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-05
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
- CVE-2024-23312 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-11-13
Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-23489 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-08-14
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.