CWE-427 (对搜索路径元素未加控制) — Vulnerability Class 538

538 vulnerabilities classified as CWE-427 (对搜索路径元素未加控制). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-13919	Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client — Symantec Endpoint Protection Windows Client	4.4	Medium	2026-01-28
CVE-2026-21408	FUJIFILM beat-access 代码问题漏洞 — beat-access for Windows	8.4^AI	High^AI	2026-01-27
CVE-2025-30248	Western Digital WD Discovery 安全漏洞 — WD Discovery	7.8^AI	High^AI	2026-01-26
CVE-2025-71178	Crucial Storage Executive < 11.08.082025.00 Installer DLL Preloading LPE — Crucial Storage Executive	7.8^AI	High^AI	2026-01-26
CVE-2026-0776	Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — Client	7.8	-	2026-01-23
CVE-2026-23755	D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path — D-View 8	7.8^AI	High^AI	2026-01-21
CVE-2026-24016	Fsas ServerView Agents 代码问题漏洞 — ServerView Agents for Windows	8.4^AI	High^AI	2026-01-21
CVE-2025-33231	NVIDIA CUDA toolkit 代码问题漏洞 — CUDA Toolkit	6.7	Medium	2026-01-20
CVE-2025-33229	NVIDIA CUDA toolkit 代码问题漏洞 — CUDA Toolkit	7.3	High	2026-01-20
CVE-2025-65118	AVEVA Process Optimization Uncontrolled Search Path Element — Process Optimization	8.8	High	2026-01-16
CVE-2022-50808	CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path — Cooler Master MasterPlus	8.4	High	2026-01-13
CVE-2026-21427	PIONEER USB DAC Amplifier和PIONEER Stellanova 代码问题漏洞 — USB DAC Amplifier APS-DA101JS	8.4	-	2026-01-08
CVE-2019-25268	NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution — BEopt	9.8	Critical	2026-01-07
CVE-2025-14625	Quartus® Prime Standard and Quartus® Prime Lite Security Advisory — Quartus Prime Standard	6.7	Medium	2026-01-06
CVE-2025-14599	Quartus® Prime Standard and Quartus® Prime Lite Security Advisory — Quartus Prime Standard	6.7	Medium	2026-01-06
CVE-2025-14605	Quartus Prime Pro Edition Advisory — Quartus Prime Pro	6.7	Medium	2026-01-06
CVE-2025-14596	Quartus Prime Pro Edition Installer Advisory — Quartus Prime Pro	6.7	Medium	2026-01-06
CVE-2025-67450	Eaton UPS Companion 安全漏洞 — UPS Companion software	7.8	High	2025-12-26
CVE-2025-59887	Eaton UPS Companion 安全漏洞 — Eaton UPS Companion Software	8.6	High	2025-12-26
CVE-2025-14406	Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — Desktop	7.8^AI	High^AI	2025-12-23
CVE-2025-14405	PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability — Enhanced	8.4^AI	High^AI	2025-12-23
CVE-2025-14498	TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability — Desktop	7.8^AI	High^AI	2025-12-23
CVE-2023-53959	FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll — FileZilla Client	9.8	Critical	2025-12-19
CVE-2023-53937	Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library — Hubstaff	7.8	High	2025-12-18
CVE-2025-53000	nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows — nbconvert	8.8^AI	High^AI	2025-12-17
CVE-2025-13670	High Level Synthesis Compiler Security Advisory — High Level Synthesis Compiler	6.7	Medium	2025-12-12
CVE-2025-13669	High Level Synthesis Compiler Security Advisory — High Level Synthesis Compiler	6.7	Medium	2025-12-12
CVE-2025-13665	Quartus Prime Standard Security Advisory — Quartus Prime Standard	6.7	Medium	2025-12-12
CVE-2025-13668	Quartus Prime Pro Edition Advisory — Quartus Prime Pro	6.7	Medium	2025-12-11
CVE-2025-13664	Quartus Prime Standard Security Advisory — Quartus Prime Standard	6.7	Medium	2025-12-11

Vulnerabilities classified as CWE-427 (对搜索路径元素未加控制) represent 538 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-427 (对搜索路径元素未加控制) — Vulnerability Class 538