157 matches found
CVE-2025-64739
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...
CVE-2025-64739
The CVE-2025-64739 issue affects Zoom Workplace and Zoom Clients. The vulnerability is described as external control of a file name or path, enabling an unauthenticated user to disclose information over the network. Public advisories (NCSC, Red Hat, CVE listings) confirm the flaw and indicate mit...
CVE-2025-64739 Zoom Clients - External Control of File Name or Path
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...
PT-2025-46831
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally...
CVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally...
EUVD-2025-93446
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally...
CVE-2025-59511
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally...
CVE-2025-20614
External control of file name or path for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable escalation of privileg...
PT-2025-46461
Name of the Vulnerable Software and Affected Versions Windows WLAN Service affected versions not specified Description An issue exists in the Windows WLAN Service where external control of a file name or path can be exploited by an authorized attacker to gain elevated privileges locally...
Zoom Workplace < 6.5.10 Vulnerability (ZSB-25041)
The version of Zoom Workplace installed on the remote host is prior to 6.5.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25041 advisory. - External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of...
WordPress plugin Kleo 安全漏洞
WordPress Kleo plugin is a feature-rich portfolio of themes and plugins in the WordPress ecosystem, primarily used to build social networks, member communities and e-commerce platforms. WordPress Kleo plugin suffers from a file inclusion vulnerability that stems from improper file name control,...
CVE-2025-8048
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...
CVE-2025-59292
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
EUVD-2025-34361
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
EUVD-2025-34398
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...
Azure Compute Gallery Elevation of Privilege Vulnerability
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
Confidential Azure Container Instances Elevation of Privilege Vulnerability
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
NTLM Hash Disclosure Spoofing Vulnerability
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...
EUVD-2025-17763
Malicious code in bioql PyPI...