Vulnerabilities (CVE)

Filtered by CWE-427
Total 893 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-21127 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2025-02-11 N/A 7.8 HIGH
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.
CVE-2024-53977 2025-02-11 N/A 6.7 MEDIUM
A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.
CVE-2024-48091 2025-02-10 N/A 7.8 HIGH
Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
CVE-2022-30548 1 Intel 1 Glorp 2025-02-05 N/A 6.7 MEDIUM
Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-27638 1 Intel 1 Advanced Link Analyzer 2025-02-05 N/A 6.7 MEDIUM
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-27187 1 Intel 1 Quartus Prime 2025-02-05 N/A 6.7 MEDIUM
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-26086 1 Intel 1 Gametechdev Presentmon 2025-02-05 N/A 6.7 MEDIUM
Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22184 1 Intel 1 Quartus Prime 2025-02-04 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38383 2 Intel, Microsoft 2 Quartus Prime, Windows 2025-02-04 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38668 2 Intel, Microsoft 2 Quartus Prime, Windows 2025-02-04 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36253 2 Intel, Microsoft 2 Server Debug And Provisioning Tool, Windows 2025-02-04 N/A 6.7 MEDIUM
Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36380 1 Intel 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more 2025-02-04 N/A 6.7 MEDIUM
Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22450 1 Dell 1 Alienware Command Center 2025-01-31 N/A 7.4 HIGH
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.
CVE-2023-39254 1 Dell 1 Update Package Framework 2025-01-31 N/A 6.7 MEDIUM
Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.
CVE-2024-2658 2025-01-30 N/A N/A
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
CVE-2023-30237 1 Cyberghostvpn 1 Cyberghost 2025-01-29 N/A 7.8 HIGH
CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.
CVE-2022-26028 1 Intel 1 Vtune Profiler 2025-01-29 N/A 6.7 MEDIUM
Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-33064 1 Intel 1 System Studio 2025-01-29 N/A 6.7 MEDIUM
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21814 1 Intel 1 Chipset Device Software 2025-01-28 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21837 1 Intel 1 Quartus Prime 2025-01-28 N/A 6.7 MEDIUM
Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.