CWE-427 · Uncontrolled Search Path Element
1177 CVEs classified under CWE-427 (Uncontrolled Search Path Element). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40342 | Critical | 9.9 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates… |
| CVE-2025-4981 | Critical | 9.9 | 2025-06-20 | Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extract… |
| CVE-2025-69599 | Critical | 9.8 | 2026-05-08 | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disp… |
| CVE-2019-25268 | Critical | 9.8 | 2026-01-08 | NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files fr… |
| CVE-2023-53959 | Critical | 9.8 | 2025-12-19 | FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the appl… |
| CVE-2025-65741 | Critical | 9.8 | 2025-12-09 | Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library… |
| CVE-2024-23054 | Critical | 9.8 | 2024-02-05 | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++stati… |
| CVE-2023-31543 | Critical | 9.8 | 2023-06-30 | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository se… |
| CVE-2023-25143 | Critical | 9.8 | 2023-03-10 | An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state… |
| CVE-2022-34825 | Critical | 9.8 | 2022-11-08 | Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe f… |
| CVE-2022-24955 | Critical | 9.8 | 2022-02-11 | Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. |
| CVE-2021-28955 | Critical | 9.8 | 2021-03-22 | git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on… |
| CVE-2020-27955 | Critical | 9.8 | 2020-11-05 | Git LFS 2.12.0 allows Remote Code Execution. |
| CVE-2019-20856 | Critical | 9.8 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. |
| CVE-2019-20780 | Critical | 9.8 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are v… |
| CVE-2020-10515 | Critical | 9.8 | 2020-04-02 | STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006. |
| CVE-2019-9546 | Critical | 9.8 | 2019-03-01 | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. |
| CVE-2019-7653 | Critical | 9.8 | 2019-02-09 | The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code in… |
| CVE-2018-12805 | Critical | 9.8 | 2018-07-20 | Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2017-3097 | Critical | 9.8 | 2017-06-20 | Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functio… |