CWE-427 · Uncontrolled Search Path Element

1177 CVEs classified under CWE-427 (Uncontrolled Search Path Element). Browse by severity and year.

Top CVEs for CWE-427
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-40342 | Critical | 9.9 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates… |
| CVE-2025-4981 | Critical | 9.9 | 2025-06-20 | Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extract… |
| CVE-2025-69599 | Critical | 9.8 | 2026-05-08 | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disp… |
| CVE-2019-25268 | Critical | 9.8 | 2026-01-08 | NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files fr… |
| CVE-2023-53959 | Critical | 9.8 | 2025-12-19 | FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the appl… |
| CVE-2025-65741 | Critical | 9.8 | 2025-12-09 | Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library… |
| CVE-2024-23054 | Critical | 9.8 | 2024-02-05 | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++stati… |
| CVE-2023-31543 | Critical | 9.8 | 2023-06-30 | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository se… |
| CVE-2023-25143 | Critical | 9.8 | 2023-03-10 | An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state… |
| CVE-2022-34825 | Critical | 9.8 | 2022-11-08 | Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe f… |
| CVE-2022-24955 | Critical | 9.8 | 2022-02-11 | Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. |
| CVE-2021-28955 | Critical | 9.8 | 2021-03-22 | git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on… |
| CVE-2020-27955 | Critical | 9.8 | 2020-11-05 | Git LFS 2.12.0 allows Remote Code Execution. |
| CVE-2019-20856 | Critical | 9.8 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. |
| CVE-2019-20780 | Critical | 9.8 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are v… |
| CVE-2020-10515 | Critical | 9.8 | 2020-04-02 | STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006. |
| CVE-2019-9546 | Critical | 9.8 | 2019-03-01 | SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. |
| CVE-2019-7653 | Critical | 9.8 | 2019-02-09 | The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code in… |
| CVE-2018-12805 | Critical | 9.8 | 2018-07-20 | Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2017-3097 | Critical | 9.8 | 2017-06-20 | Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functio… |