CVEbaza.plCWE DictionaryCWE-427
Common Weakness Enumeration

CWE-427

Uncontrolled Search Path Element

Category: BaseCVE: 1,483
Description

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CVE vulnerabilities with CWE-427 (1,483)
9.9
CVSS
CRITICAL
CVE-2026-40342

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

pub. 2026-04-17
9.9
CVSS
CRITICAL
CVE-2025-4981

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.

pub. 2025-06-20
9.8
CVSS
CRITICAL
CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.

pub. 2026-05-08
9.8
CVSS
CRITICAL
CVE-2025-65741

Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.

pub. 2025-12-09
9.8
CVSS
CRITICAL
CVE-2024-23054

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).

pub. 2024-02-05
9.8
CVSS
CRITICAL
CVE-2023-31543

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.

pub. 2023-06-30
9.8
CVSS
CRITICAL
CVE-2023-25143

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.

pub. 2023-03-10
9.8
CVSS
CRITICAL
CVE-2022-34825

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.

pub. 2022-11-08
9.8
CVSS
CRITICAL
CVE-2022-24955

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files.

pub. 2022-02-11
9.8
CVSS
CRITICAL
CVE-2021-28955

git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).

pub. 2021-03-22
9.8
CVSS
CRITICAL
CVE-2020-27955

Git LFS 2.12.0 allows Remote Code Execution.

pub. 2020-11-05
9.8
CVSS
CRITICAL
CVE-2019-20856

An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.

pub. 2020-06-19
9.8
CVSS
CRITICAL
CVE-2019-20780

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).

pub. 2020-04-17
9.8
CVSS
CRITICAL
CVE-2020-10515

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006.

pub. 2020-04-02
9.8
CVSS
CRITICAL
CVE-2019-9546

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

pub. 2019-03-01
9.8
CVSS
CRITICAL
CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.

pub. 2019-02-09
9.8
CVSS
CRITICAL
CVE-2018-12805

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

pub. 2018-07-20
9.8
CVSS
CRITICAL
CVE-2017-3090

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

pub. 2017-06-20
9.8
CVSS
CRITICAL
CVE-2017-3092

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

pub. 2017-06-20
9.8
CVSS
CRITICAL
CVE-2017-3097

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

pub. 2017-06-20
Showing 20 of 1,483 vulnerabilities
Information
ID: CWE-427
Type: Base
Vulnerabilities: 1,483
MITRE CWE ↗
← CWE Dictionary