CVE Database

10+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

10 results for "CWE-42"

CVE-2025-58079
4.3 MEDIUM

Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.

Oct 16, 2025
CVE-2025-57716
6.7 MEDIUM

An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged …

Oct 14, 2025
CVE-2025-9818
6.7 MEDIUM

A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file …

Sep 17, 2025
CVE-2025-9043

The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as …

Aug 14, 2025
CVE-2025-23177
7.6 HIGH

CWE-427: Uncontrolled Search Path Element

Apr 29, 2025
CVE-2024-45246
7.3 HIGH

Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element

Oct 6, 2024
CVE-2024-31201
6.5 MEDIUM

A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the …

Jul 31, 2024
CVE-2024-2747
7.8 HIGH

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name …

Jun 12, 2024
CVE-2023-45598
5.3 MEDIUM

A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. …

Mar 5, 2024
CVE-2023-45596
5.3 MEDIUM

A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. …

Mar 5, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.