External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the custom-payload-file field in REST API server mode. An attacker can read and exfiltrate arbitrary files accessible to the process by supplying a path to a file, which is then read line-by-lin...

PT-2026-40760

Name of the Vulnerable Software and Affected Versions Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11 Description An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege...

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

CVE-2026-40421

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

Azure Monitor Agent Elevation of Privilege Vulnerability

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

External Control of File Name or Path

Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...

External Control of File Name or Path

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...

External Control of File Name or Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of file paths in the media embedding. An attacker can access arbitrary files on the host system or trigger network credential...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

CVE-2026-30903

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /api/v2/files/ endpoint. An attacker can execute arbitrary code, overwrite critical files, or gain unauthorized access by uploading files with crafted filenames that bypass containment...

PT-2026-24281

External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the music/playlists/update API endpoint. An attacker can execute arbitrary code by bypassing file extension enforcement and writing malicious files to arbitrary locations on the filesystem, such...

CVE-2026-26360

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files...

External Control of File Name or Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of the targetDir parameter in the skill installation. An attacker can write files outside the intended installation sandbox b...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path. Go Vulnerability Report: Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive i...