Lucene search
K

27 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-350 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.5AI score0.00715EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-21012

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS5.4AI score0.00093EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 6:7 a.m.11 views

External Control of File Name or Path

Overview org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:17 p.m.20 views

CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS0.00118EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.9 views

CVE-2026-32204

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.9 views

EUVD-2026-29487

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS5.9AI score0.00869EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 p.m.16 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS0.00869EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:11 p.m.8 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS5.9AI score0.00869EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/12 2:0 p.m.12 views

SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00555EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/13 5:4 a.m.1 views

CVE-2026-21012

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS5.8AI score0.00093EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/01 9:11 p.m.115 views

Exploit for External Control of File Name or Path in Microsoft

No d...

6.5CVSS7.1AI score0.58974EPSS
Exploits20
NVD
NVD
added 2026/03/24 1:16 p.m.5 views

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS0.01417EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/19 8:14 a.m.31 views

CVE-2026-26361

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

6.5CVSS0.00227EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/02/16 12:0 a.m.3 views

The vulnerability of the NTLM protocol implementation in Windows operating systems allows attackers to perform spoofing attacks.

The vulnerability of the NTLM protocol in Windows operating systems is related to external file name or path control. Exploiting this vulnerability allows attackers to perform spoofing attacks...

3.3CVSS5.8AI score0.11356EPSS
Exploits0References2Affected Software19
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:51 p.m.6 views

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

3.3CVSS5.5AI score0.11356EPSS
Exploits0References2Affected Software19
Snyk
Snyk
added 2026/02/02 12:31 p.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /3/Parse and /3/Frames/framename/export endpoints. An attacker can overwrite arbitrary files on the server, including sensitive files such as private SSH keys or script files, by injecting...

9.1CVSS6.7AI score0.00629EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/01/13 4:0 p.m.7 views

Windows Telephony Service Elevation of Privilege Vulnerability

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

8CVSS7AI score0.0075EPSS
Exploits0
CVE
CVE
added 2025/12/10 8:29 p.m.17 views

CVE-2025-67461

CVE-2025-67461 affects Zoom Rooms for macOS prior to 6.6.0. The issue is external control of a file name or path, enabling an authenticated user to disclose information via local access. Impact is information disclosure (confidentiality). Remediation: update Zoom Rooms for macOS to version 6.6.0 ...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.8 views

The vulnerability of the NTLM protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the NTLM protocol implemented by the Windows operating system is related to external file name or path control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.8CVSS7.7AI score0.58974EPSS
Exploits20References5
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.7 views

Fortinet FortiClientMAC 安全漏洞

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code execution vulnerability exists in Fortinet FortiClientMAC that originates from an external control of a file name or path, which can be exploited by a local attacker to execute arbitrary co...

8.2CVSS7.8AI score0.00262EPSS
Exploits0References3
Rows per page
Query Builder