CVE-2026-21661
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...
Amazon Linux 2 : python, --advisory ALAS2-2026-3128 (ALAS-2026-3128)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3128 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorith...
MiracleLinux 8 : postgresql:10 (AXSA:2023-6326:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6326:01 advisory. postgresql: schema_element defeats protective search_path changes (CVE-2023-2454); postgresql: row security policies disregard user ID changes after...
CVE-2025-14605 Quartus Prime Pro Edition Advisory
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows System Console modules allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1...
Uncontrolled Search Path Element
Overview: TkEasyGUI is a simple GUI library for Python3 with Tkinter. Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the search path element. An attacker can execute arbitrary code with the privileges of the running program by placing a malicio...
xml2rfc has an arbitrary file read vulnerability
Impact: When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting a malicious link element into the XML. Workarounds: Test untrusted input for link elements with rel="attachment" before processing. Credits: This vulnerability was reporte...
CLSA-2025-1745585192 ruby: Fix of 3 CVEs
CVE-2025-27219: fix a potential Denial of Service (DoS) vulnerability in cookie parsing - CVE-2025-27220: fix a ReDoS vulnerability in the escapeElement method - CVE-2025-27221: fix the URI handling methods URI.join, URI#merge, URI#+...
GO-2024-3170 Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability in github.com/grafana/agent
Grafana Agent Flow mode on Windows has Unquoted Search Path or Element vulnerability in github.com/grafana/agent...
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability
Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow before 0.43.3...
PT-2023-18146 · Unknown · Secure Element
Name of the Vulnerable Software and Affected Versions: Secure Element (affected versions not specified). Description: In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User...
Amazon Linux 2 : thunderbird (ALAS-2022-1900)
The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in av_timecode_make_string in...
PT-2022-27023 · Mcafee · Mcafee Total Protection
Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49. Description: The issue is related to an uncontrolled search path element vulnerability. This vulnerability is due to the use of a variable pointing to a subdirectory that may be controllable b...
The vulnerability of the Html::rawElement and Message::text components of the software environment for implementing the hypertext environment of MediaWiki allows an attacker to perform XSS attacks.
The vulnerability of the Html::rawElement and Message::text components of the software environment for implementing the MediaWiki hypertext environment exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry o...
Mozilla Firefox Security Advisory (MFSA2013-94) - Linux
This host is missing a security update for Mozilla Firefox.
Adobe Acrobat code issue vulnerability
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader (also known as Acrobat Reader) is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to an uncontrolled search path element vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe RoboHelp code issue vulnerability
Adobe RoboHelp is a software application from Adobe USA. Next-generation software for authoring and publishing help, strategy, and knowledge base content. Adobe RoboHelp is vulnerable to an uncontrolled search path element vulnerability. An attacker can exploit this vulnerability to elevate...
Adobe Illustrator code issue vulnerability
Adobe Illustrator 2020 is a vector graphics editor. An uncontrolled search path element vulnerability exists in Adobe Illustrator 2020 25.0 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary code...
UBUNTU-CVE-2019-11005
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value...
CVE-2017-14017
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file...
CVE-2017-13993
The vulnerability CVE-2017-13993 affects i-SENS SmartLog Diabetes Management Software (Version 2.4.0 and earlier). Root cause: Uncontrolled search path element that allows loading a malicious DLL placed in the search path, enabling arbitrary code execution when the DLL is loaded by a local user. ...