62 matches found
EUVD-2025-202604
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-67461
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-64738
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
EUVD-2025-175326
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-64738
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-64738 Zoom Workplace for macOS - External Control of File Name or Path
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
PT-2025-46831
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-20614
CVE-2025-20614 concerns Intel’s CIP software prior to WIN_DCA_2.4.0.11001, where external control of a file name or path in Ring 3 user applications may enable privilege escalation. The description across connected sources states an unprivileged software adversary with a privileged user and a low...
PT-2025-46381
Name of the Vulnerable Software and Affected Versions IntelR CIP software versions prior to WIN DCA 2.4.0.11001 Description The software contains a flaw related to external control of file name or path within Ring 3 User Applications, potentially allowing an escalation of privilege. A local...
TencentOS Server 3: .NET 8.0 (TSSA-2025:0820)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0820 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-59291
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
EUVD-2025-26256
Malicious code in bioql PyPI...
CVE-2025-55316
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...
BIT-DOTNET-SDK-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...
CVE-2023-2554
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0...
CVE-2025-26684
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2025-26684
CVE-2025-26684 is a Microsoft Defender Elevation of Privilege vulnerability in Defender for Endpoint where external control of a file name or path enables a locally authenticated attacker with high privileges to elevate to a higher privilege level. The CVSSv3.1 base score is 6.7 (Medium) with loc...
CVE-2025-24996
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...