Vulnerabilities > Uncontrolled Search Path Element

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-41141 Uncontrolled Search Path Element vulnerability in Windscribe 2.3.16
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe.
local
low complexity
windscribe CWE-427
7.8
2023-01-20 CVE-2020-25502 Uncontrolled Search Path Element vulnerability in Cybereason Endpoint Detection and Response 20.2.0
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
local
low complexity
cybereason CWE-427
7.8
2023-01-12 CVE-2023-0247 Uncontrolled Search Path Element vulnerability in Bloom Project Bloom
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
local
low complexity
bloom-project CWE-427
7.8
2023-01-11 CVE-2023-22947 Uncontrolled Search Path Element vulnerability in Shibboleth Service Provider
** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder.
local
low complexity
shibboleth CWE-427
7.3
2023-01-06 CVE-2022-44939 Uncontrolled Search Path Element vulnerability in Echatserver Easy Chat Server 3.1
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll.
local
low complexity
echatserver CWE-427
7.8
2022-12-22 CVE-2022-36314 When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows.
local
low complexity
CWE-427
5.5
2022-12-21 CVE-2022-46330 Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications.
local
low complexity
CWE-427
7.8
2022-12-19 CVE-2022-42945 Uncontrolled Search Path Element vulnerability in Autodesk DWG Trueview 2023
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability.
local
low complexity
autodesk CWE-427
7.8
2022-12-13 CVE-2022-43722 A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0).
local
low complexity
CWE-427
7.8
2022-12-13 CVE-2022-29580 There exists a path traversal vulnerability in the Android Google Search app.
local
low complexity
CWE-427
7.8