CWE-427: CWE-427

OpenClaw versions before 2026.2.14 have a command hijacking vulnerability where attackers can manipulate PATH environment variables to execute malicio...

Dell Command | Intel vPro Out of Band versions before 4.7.0 have a path traversal vulnerability that allows local low-privileged attackers to execute ...

This vulnerability allows authenticated standard users to trick Process Optimization services into loading arbitrary code, leading to privilege escala...

This vulnerability in NVIDIA TAO allows attackers to load malicious resources via uncontrolled search paths, potentially leading to privilege escalati...

DigiSign DigiSigner ONE 1.0.4.60 is vulnerable to DLL hijacking, allowing attackers to execute arbitrary code by placing a malicious DLL in a location...

This vulnerability allows attackers to replace trusted executables in Salesforce CLI on Windows by exploiting an uncontrolled search path element. Att...

IBM Cognos Dashboards on Cloud Pak for Data is vulnerable to dependency confusion attacks, allowing remote attackers to execute unauthorized actions b...

This vulnerability in HP PC audio drivers allows local attackers to escalate privileges on affected systems. Attackers could gain SYSTEM-level access ...

This vulnerability allows local authenticated attackers to perform DLL hijacking in Ivanti Workspace Control's management console, enabling privilege ...

This vulnerability in Ubuntu's wpa_supplicant allows local unprivileged users to load arbitrary shared objects, leading to privilege escalation to roo...

This vulnerability allows remote attackers to execute arbitrary code on Ashlar-Vellum Xenon installations by tricking users into opening malicious fil...

This vulnerability allows local users on Windows systems running vulnerable Checkmk agent plugins to escalate privileges to SYSTEM level. It affects C...

This vulnerability in EnterpriseDB Postgres Advanced Server (EPAS) allows attackers to execute arbitrary code by exploiting search_path attacks agains...

This vulnerability in Intel AI Hackathon software allows attackers to place malicious files in locations the software searches, potentially enabling p...

This vulnerability in Intel's WULT software allows attackers to escalate privileges by exploiting an uncontrolled search path. Unauthenticated users c...

This vulnerability allows local attackers to escalate privileges to SYSTEM level on Windows systems by exploiting DLL hijacking in M-Files Installer. ...

This vulnerability allows authenticated users with Scan Policy Configuration roles in Tenable products to manipulate audit policy variables and execut...

This vulnerability in pg_ivm allows attackers to execute arbitrary functions with the privileges of the materialized view owner by exploiting an uncon...

This vulnerability allows a local Windows user with lower privileges to escalate to the Splunk user account through a path misconfiguration. It affect...

The Eaton UPS Companion software installer fails to properly authenticate library files, allowing attackers who can modify the software package to exe...

The Eaton IPP software installer improperly authenticates library files, allowing attackers with access to the software package to execute arbitrary c...

This DLL hijacking vulnerability in the ToolStick installer allows attackers to place malicious DLLs in directories searched by the installer, leading...

This DLL hijacking vulnerability in the CP210 VCP Win 2k installer allows attackers to escalate privileges and execute arbitrary code by placing malic...

This CVE describes a DLL hijacking vulnerability in the CP210x VCP Windows installer that allows attackers to escalate privileges and execute arbitrar...

This CVE describes a DLL hijacking vulnerability in the USBXpress Dev Kit installer where an uncontrolled search path allows attackers to place malici...

This CVE describes a DLL hijacking vulnerability in the USBXpress 4 SDK installer that allows attackers to execute arbitrary code with elevated privil...

This CVE describes a DLL hijacking vulnerability in the USBXpress SDK installer where an uncontrolled search path allows attackers to place malicious ...

This DLL hijacking vulnerability in the USBXpress Win 98SE Dev Kit installer allows attackers to escalate privileges and execute arbitrary code by pla...

This CVE describes a DLL hijacking vulnerability in Silicon Labs 8-bit IDE installer where an uncontrolled search path allows attackers to place malic...

This DLL hijacking vulnerability in Configuration Wizard 2 installer allows attackers to escalate privileges and execute arbitrary code by placing mal...

This DLL hijacking vulnerability in the Flash Programming Utility installer allows attackers to escalate privileges and execute arbitrary code by plac...

This vulnerability in GitLab's Visual Studio Code extension allows attackers to execute arbitrary code on users' systems through client-side exploitat...

This vulnerability allows users with program compilation or restoration capabilities on IBM i systems to gain elevated privileges through an unqualifi...

A DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 allows local unprivileged attackers to execute arbitrary code with SYSTEM privileges by pla...

CVE-2025-56383 is a DLL hijacking vulnerability in Notepad++ v8.8.3 that allows attackers to replace legitimate DLL files with malicious ones, potenti...

This vulnerability in Blizzard Battle.net allows attackers to escalate privileges by placing a malicious script or executable in the C:\ProgramData di...

This vulnerability in IBM i and IBM Rational Development Studio for i allows a local user to execute arbitrary code with administrator privileges due ...

This vulnerability in IBM Db2 for i allows a local user to escalate privileges through an unqualified library call, enabling execution of user-control...

CVE-2020-25244 is a DLL hijacking vulnerability in Siemens LOGO! Soft Comfort software that allows local attackers to execute arbitrary code by placin...

CVE-2021-28570 is an uncontrolled search path vulnerability in Adobe After Effects that allows attackers to plant malicious binaries in specific locat...

NVIDIA Display Driver has a DLL hijacking vulnerability (CWE-427) where attackers can place malicious DLLs in uncontrolled search paths. This allows l...

This vulnerability in NVIDIA GPU Display Driver for Windows allows low-privileged users to escalate privileges when an administrator updates GPU drive...

PostgreSQL Anonymizer extension contains a privilege escalation vulnerability where users can create malicious operators in schemas with CREATE permis...