CWE-426: Untrusted Search Path
400 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-426 (page 1 of 8)
- CVE-2011-4125 | CRITICAL | CVSS 9.8 | EG 9.8 | 2021-10-27
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
- CVE-2013-2773 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-14
Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution
- CVE-2013-3494 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-12
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code.
- CVE-2013-3942 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-11
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability
- CVE-2014-3860 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-12
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
- CVE-2016-10837 | HIGH | CVSS 7.5 | EG 7.5 | 2019-08-01
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
- CVE-2016-6593 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-08
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
- CVE-2017-12580 | HIGH | CVSS 7.8 | EG 7.8 | 2020-03-02
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This…
- CVE-2017-15913 | HIGH | CVSS 7.8 | 2018-01-08
The Installer in Whale allows DLL hijacking.
- CVE-2017-1711 | HIGH | CVSS 7.8 | 2018-02-13
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
- CVE-2017-20123 | HIGH | CVSS 8.8 | EG 7.8 | 2022-06-30
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. T…
- CVE-2017-2802 | HIGH | CVSS 7.8 | 2018-04-24
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PAT…
- CVE-2017-5696 | HIGH | CVSS 7.8 | 2018-01-18
Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.
- CVE-2017-7327 | HIGH | CVSS 7.8 | 2018-01-19
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
- CVE-2017-7755 | HIGH | CVSS 7.8 | 2018-06-11
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack onl…
- CVE-2018-0507 | HIGH | CVSS 7.8 | 2018-01-26
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a…
- CVE-2018-0515 | HIGH | CVSS 7.8 | 2018-02-16
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0516 | HIGH | CVSS 7.8 | 2018-02-16
Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0517 | HIGH | CVSS 7.8 | 2018-02-08
Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0540 | HIGH | CVSS 7.8 | 2018-03-22
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0543 | HIGH | CVSS 7.8 | 2018-03-09
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0544 | HIGH | CVSS 7.8 | 2018-03-09
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0552 | HIGH | CVSS 7.8 | 2018-03-22
Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0561 | HIGH | CVSS 7.8 | 2018-04-16
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0562 | HIGH | CVSS 7.8 | 2018-04-16
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0563 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker…
- CVE-2018-0580 | HIGH | CVSS 7.8 | 2018-05-14
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, …
- CVE-2018-0592 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0593 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0594 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0595 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0596 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0597 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0598 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0599 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0600 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0601 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0609 | HIGH | CVSS 7.8 | 2018-06-26
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0619 | HIGH | CVSS 7.8 | 2018-07-26
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified di…
- CVE-2018-0620 | HIGH | CVSS 7.8 | 2018-07-26
Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0621 | HIGH | CVSS 7.8 | 2018-07-26
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0623 | HIGH | CVSS 7.8 | 2018-09-07
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.…
- CVE-2018-0624 | HIGH | CVSS 7.8 | 2018-09-07
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.…
- CVE-2018-0648 | HIGH | CVSS 7.8 | 2018-09-07
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0649 | HIGH | CVSS 7.8 | 2018-09-07
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all pr…
- CVE-2018-0656 | HIGH | CVSS 7.8 | 2018-09-04
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0667 | HIGH | CVSS 7.8 | 2019-01-09
Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-0692 | HIGH | CVSS 7.8 | 2018-11-15
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
- CVE-2018-1000201 | HIGH | CVSS 7.8 | 2018-06-22
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later.
- CVE-2018-10027 | HIGH | CVSS 7.8 | 2018-05-17
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(…