22 matches found
External Control of File Name or Path
Overview: org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-32204
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
EUVD-2026-29487
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
SQL Server Remote Code Execution Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-21012
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows a privileged local attacker to create a file with system privilege...
Exploit for External Control of File Name or Path in Microsoft
No d...
CVE-2026-33309
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
CVE-2026-26361
Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2026-21249
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...
External Control of File Name or Path
Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the /3/Parse and /3/Frames/framename/export endpoints. An attacker can overwrite arbitrary files on the server, including sensitive files such as private SSH keys or script files, by injecting...
Windows Telephony Service Elevation of Privilege Vulnerability
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2025-67461
CVE-2025-67461 affects Zoom Rooms for macOS prior to 6.6.0. The issue is external control of a file name or path, enabling an authenticated user to disclose information via local access. Impact is information disclosure (confidentiality). Remediation: update Zoom Rooms for macOS to version 6.6.0 ...
Fortinet FortiClientMAC Security Vulnerability
Fortinet FortiClientMAC is a macOS-based security tool from the U.S. company Fortinet. A code execution vulnerability exists in Fortinet FortiClientMAC that originates from an external control of a file name or path, which can be exploited by a local attacker to execute arbitrary co...
Reliance on File Name or Extension of Externally-Supplied File
Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File due to insufficient scanning of non-standard pickle file extensions. Remediation...
PT-2024-6549 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook (affected versions not specified). Description: The issue is related to incorrect external control of a file name or path in Microsoft Outlook for Windows operating systems. Exploitation of this issue may allow an attacker to...
CVE-2024-38432
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File...
Mitsubishi Electric FA Engineering Software Security Vulnerability
Mitsubishi Electric FA Engineering Software is a series of engineering software products from Mitsubishi Electric of Japan. A security vulnerability exists in Mitsubishi Electric FA Engineering Software: a malicious code execution vulnerability that originates from an externally controlled file name...