Weaknesses of type CWE-427
843 resultsCVE-2025-14498HIGHTradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation VulnerabilityEPSS 0.1%CVE-2025-57624HIGHA DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple EPSS 0.1%CVE-2025-49148HIGHClipShare Server Allows Local Privilege Escalation via DLL HijackingEPSS 0.1%CVE-2025-14406HIGHSoda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation VulnerabilityEPSS 0.1%CVE-2025-25011HIGHBeats Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows InstallerEPSS 0.1%CVE-2026-40004MEDIUMopenssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartviewEPSS 0.1%CVE-2025-62185MEDIUMIn Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed EPSS 0.1%CVE-2026-36574HIGHA DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary codEPSS 0.1%CVE-2025-2272HIGHPrivilege Escalation and Arbitrary code execution in F1E EndpointEPSS 0.1%CVE-2026-6645HIGHInsecure Search Path Vulnerability in PaperCut Print Deploy Client for WindowsEPSS 0.1%CVE-2024-2207MEDIUMSound Research SECOMN64 Escalation of PrivilegeEPSS 0.1%CVE-2026-12003MEDIUMCPython >3.11 Insecure Input Validation resulting in privilege escalationEPSS 0.1%CVE-2026-22270MEDIUMDell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulneEPSS 0.1%CVE-2025-67450HIGHDue to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package
could perfEPSS 0.1%CVE-2024-55955MEDIUMAn incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 couEPSS 0.1%CVE-2025-48503HIGHA DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting inEPSS 0.1%CVE-2022-50808HIGHCoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service PathEPSS 0.1%CVE-2025-0712HIGHAPM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows InstallerEPSS 0.1%CVE-2026-50100HIGHMultiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If thiEPSS 0.1%CVE-2025-64726HIGHExternal Control of System or Configuration Setting and Uncontrolled Search Path Element in sfwEPSS 0.1%