CVE-2023-23920

MEDIUM Year: 2023
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-426
View all →

Vulnerability Description

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Related Vulnerabilities

CVE-2021-21562

MEDIUM
CVSS:4.4(Medium)

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AU...

CWE-4262021

CVE-2024-13524

LOW
CVSS:4.5(Medium)

A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unt...

CWE-4262024

CVE-2025-0567

LOW
CVSS:4.5(Medium)

A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation...

CWE-4262025

CVE-2025-0732

LOW
CVSS:4.5(Medium)

A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipula...

CWE-4262025

CVE-2025-0733

LOW
CVSS:4.5(Medium)

A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search p...

CWE-4262025

CVE-2025-0145

MEDIUM
CVSS:4.6(Medium)

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

CWE-4262025