CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions: Azure Arc affected versions not specified Description: The software contains a flaw related to external control of file name or path. This allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is n...

7.8CVSS6.2AI score0.00622EPSS

Exploits0References3

Tenable Nessus•added 2025/08/30 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2019-3681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Developmen...

9.8CVSS6.9AI score0.00913EPSS

Exploits1References2

CNNVD•added 2025/08/20 12:0 a.m.•1 views

WordPress plugin WP Travel Gutenberg Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6.8AI score0.00158EPSS

Exploits0References2

OSV•added 2025/08/12 6:15 p.m.•4 views

CVE-2025-53769

External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...

5.5CVSS5.8AI score0.01502EPSS

Exploits0References1

CVE•added 2025/08/12 5:10 p.m.•24 views

CVE-2025-53769

CVE-2025-53769 : Windows Security App contains a flaw enabling spoofing via external control of a file name or path, allowing an authorized local attacker to spoof UI. Affected: Windows Security App. Root cause: file/path parameter control leading to spoofing. Impact: local spoofing of user inter...

5.5CVSS7.1AI score0.01502EPSS

Exploits0References1Affected Software1

CVE•added 2025/08/07 5:9 a.m.•16 views

CVE-2025-29866

CVE-2025-29866 affects TAGFREE X-Free Uploader XFU with an External Control of File Name or Path vulnerability (Parameter Injection). From the available details, the affected versions are 1.0.1.0084 before 1.0.1.0085 and 2.0.1.0034 before 2.0.1.0035. The CVSS vector indicates high impact with net...

8.8CVSS6.6AI score0.00385EPSS

Exploits0References1

CNVD•added 2025/07/23 12:0 a.m.•2 views

WordPress HT Contact Form 7 File Inclusion Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A file inclusion vulnerability exists in WordPress HT Contact Form 7, which stems from improper file name control and can be exploited by an attacker to cause a PHP native...

6.6CVSS6.9AI score0.00501EPSS

Exploits0References1

CNNVD•added 2025/07/16 12:0 a.m.•1 views

WordPress plugin HT Contact Form 7 安全漏洞

6.6CVSS6.5AI score0.00501EPSS

Exploits0References1

NVD•added 2025/06/13 9:15 a.m.•9 views

CVE-2025-36506

External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data...

6.9CVSS0.00284EPSS

Exploits0References2

Snyk•added 2025/06/10 3:43 p.m.•2 views

External Control of File Name or Path

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to External Control of File Name or Path via the upload endpoints. An attacker with the FILEUPLOAD permission can move files from the host into the upload folder, from where they can ...

5.4CVSS6.9AI score0.00102EPSS

Exploits0References2

CVE•added 2025/06/06 9:21 a.m.•48 views

CVE-2025-48781

The CVE-2025-48781 issue affects Soar Cloud HRD Human Resource Management System, specifically versions prior to and including 7.3.2025.0408. The vulnerability is an external control of file name or path in the download file function, enabling remote attackers to obtain partial files by specifyin...

8.7CVSS6.8AI score0.00308EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/05/23 8:38 a.m.•3 views

CVE-2024-23317

External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...

6.3CVSS7.5AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:57 a.m.•4 views

CVE-2023-1070

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

7.1CVSS6.7AI score0.00334EPSS

Exploits1References1

CNNVD•added 2025/05/23 12:0 a.m.•2 views

WordPress plugin Tourmaster 安全漏洞

8.1CVSS7.6AI score0.00547EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:42 p.m.•4 views