CWE-426 (Untrusted Search Path) — Vulnerability Class 193

193 vulnerabilities classified as CWE-426 (Untrusted Search Path). AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Date |
|---|---|---|---|---|
| CVE-2026-35368 | uutils coreutils chroot Local Privilege Escalation and chroot Escape via Name Service Switch (NSS) Injection — coreutils | 7.2 | High | 2026-04-22 |
| CVE-2026-35603 | Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows — claude-code | 7.3 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-40947 | Yubico multiple products security vulnerability — libfido2 | 2.9 | Low | 2026-04-15 |
| CVE-2026-27290 | Adobe Framemaker \| Untrusted Search Path (CWE-426) — Adobe Framemaker | 8.6 | High | 2026-04-14 |
| CVE-2026-39883 | OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking — opentelemetry-go | 9.8 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2025-39666 | omd: Local privilege escalation when executing omd commands as root — Checkmk | 7.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2022-4987 | Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution — Hirschmann Industrial HiVision | 7.3 | High | 2026-04-03 |
| CVE-2026-3780 | Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation — Foxit PDF Reader | 7.3 | High | 2026-04-01 |
| CVE-2026-33156 | DLL Sideloading in ScreenToGif — ScreenToGif | 7.8 | High | 2026-03-20 |
| CVE-2026-25792 | Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin — greenshot | 6.5 | Medium | 2026-03-20 |
| CVE-2026-32032 | OpenClaw < 2026.2.22 - Arbitrary Shell Execution via Unvalidated SHELL Environment Variable — OpenClaw | 7.8 | High | 2026-03-19 |
| CVE-2026-32016 | OpenClaw < 2026.2.22 - Path Traversal via Basename-Only Allowlist Matching on macOS — OpenClaw | 7.8 | High | 2026-03-19 |
| CVE-2026-32015 | OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation — OpenClaw | 7.8 | High | 2026-03-19 |
| CVE-2026-32009 | OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins — OpenClaw | 5.7 | Medium | 2026-03-19 |
| CVE-2026-21333 | Illustrator \| Untrusted Search Path (CWE-426) — Illustrator | 8.6 | High | 2026-03-10 |
| CVE-2026-25190 | Windows GDI Remote Code Execution Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2026-03-10 |
| CVE-2026-29089 | TimescaleDB uses untrusted search path during extension upgrade — timescaledb | 8.8 | High | 2026-03-06 |
| CVE-2026-2998 | eAI Technologies\|ERP - DLL Hijacking — ERP F2 | 7.8 | High | 2026-02-23 |
| CVE-2026-25926 | Notepad++ has an Untrusted Search Path — notepad-plus-plus | 7.3 | High | 2026-02-18 |
| CVE-2026-25880 | Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows) — sumatrapdf | 7.8 | High | 2026-02-09 |
| CVE-2025-15321 | Tanium addressed an improper input validation vulnerability in Tanium Appliance. — Tanium Appliance | 2.7 | Low | 2026-02-05 |
| CVE-2025-13491 | IBM App Connect Enterprise Certified Container Information Disclosure — App Connect Enterprise Certified Container | 5.1 | Medium | 2026-02-05 |
| CVE-2026-0662 | Untrusted Search Path Vulnerability when opening max Files — 3ds Max | 7.8 | High | 2026-02-04 |
| CVE-2025-65078 | Untrusted search path vulnerability in Embedded Solutions Framework — MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ | 8.8 (AI) | High (AI) | 2026-02-03 |
| CVE-2026-24051 | OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking — opentelemetry-go | 7.0 | High | 2026-02-02 |
| CVE-2026-24070 | Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access — Native Access | 5.5 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2026-23512 | SumatraPDF has an Untrusted Search Path in sumatrapdf/src/AppTools.cpp — sumatrapdf | 8.6 | High | 2026-01-14 |
| CVE-2026-21280 | Illustrator \| Untrusted Search Path (CWE-426) — Illustrator | 8.6 | High | 2026-01-13 |
| CVE-2026-20943 | Microsoft Office Click-To-Run Remote Code Execution Vulnerability — Microsoft Office 2016 | 7.0 | High | 2026-01-13 |
| CVE-2025-12793 | ASUS System Control Interface security vulnerability — ASCI | 7.3 | - | 2026-01-06 |

Vulnerabilities classified as CWE-426 (Untrusted Search Path) represent 193 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.