
3163 matches found

EUVD
added 2025/10/15 5:7 p.m. | 4 views

EUVD-2025-34699

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVSS 7.7 | AI score 5.4 | EPSS 0.00044
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/14 8:34 p.m. | 2 views

CVE-2025-62364

text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...

CVSS 6.2 | AI score 7 | EPSS 0.0009
Exploits: 0 | References: 1

EUVD
added 2025/10/14 6:30 p.m. | 1 view

EUVD-2025-34360

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...

CVSS 8.2 | AI score 6.4 | EPSS 0.00135
Exploits: 0 | References: 2

NVD
added 2025/10/14 5:16 p.m. | 5 views

CVE-2025-59291

External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...

CVSS 8.2 | EPSS 0.00135
Exploits: 0 | References: 1

NVD
added 2025/10/14 5:16 p.m. | 2 views

CVE-2025-59244

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...

CVSS 6.5 | EPSS 0.00088
Exploits: 0 | References: 1

Microsoft CVE
added 2025/10/14 2:0 p.m. | 3 views

NTLM Hash Disclosure Spoofing Vulnerability

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...

CVSS 6.5 | AI score 6.9 | EPSS 0.00088
Exploits: 0

Positive Technologies
added 2025/10/14 12:0 a.m. | 3 views

PT-2025-42151

Name of the Vulnerable Software and Affected Versions: Azure Container Instances ACI, affected versions not specified. Description: An issue exists in Azure Container Instances where external control of a file name or path can allow an authorized attacker to elevate privileges locally. The flaw...

CVSS 8.2 | AI score 9 | EPSS 0.00135
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-42077

Name of the Vulnerable Software and Affected Versions: Windows, affected versions not specified. Description: An issue exists in Windows Core Shell that allows an unauthorized attacker to perform spoofing over a network through external control of a file name or path. Recommendations: At the moment,...

CVSS 6.5 | AI score 8.9 | EPSS 0.00088
Exploits: 0 | References: 3

NVD
added 2025/10/13 4:15 a.m. | 2 views

CVE-2025-11659

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote...

CVSS 9.8 | EPSS 0.00091
Exploits: 1 | References: 4

CNNVD
added 2025/10/13 12:0 a.m. | 3 views

CampCodes Online Beauty Parlor Management System SQL injection vulnerability

CampCodes Online Beauty Parlor Management System is an online beauty parlor management system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Online Beauty Parlor Management System version 1.0, which stems from an incorrect manipulation of the parameter searchdata in...

CVSS 9.8 | AI score 5.7 | EPSS 0.00012
Exploits: 1 | References: 5

Positive Technologies
added 2025/10/13 12:0 a.m. | 3 views

PT-2025-41741

Name of the Vulnerable Software and Affected Versions: UTT HiPER 2620G versions through 3.1.4. Description: A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This...

CVSS 9 | AI score 8 | EPSS 0.00272
Exploits: 1 | References: 12

Positive Technologies
added 2025/10/10 12:0 a.m. | 3 views

PT-2025-41576

Name of the Vulnerable Software and Affected Versions: JEEWMS version 20250820. Description: The software is susceptible to a SQL Injection issue within the exportXls function. This function is located in the file...

CVSS 9.4 | AI score 7.4 | EPSS 0.00054
Exploits: 1 | References: 7

Positive Technologies
added 2025/10/10 12:0 a.m. | 2 views

PT-2025-41593

Name of the Vulnerable Software and Affected Versions: code-projects Online Job Search Engine version 1.0. Description: A flaw exists in code-projects Online Job Search Engine version 1.0, specifically within the /postjob.php file. Manipulation of the txtjobID parameter can lead to SQL injection. Th...

CVSS 7.5 | AI score 7.6 | EPSS 0.00042
Exploits: 1 | References: 11

NVD
added 2025/10/09 9:15 p.m. | 2 views

CVE-2025-35056

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...

CVSS 5.3 | EPSS 0.00045
Exploits: 0 | References: 3

CVE
added 2025/10/09 7:18 a.m. | 38 views

CVE-2025-11539

Grafana Image Renderer (grafana-image-renderer) is affected by an ARBITRARY FILE WRITE leading to remote code execution via /render/csv, where a lack of validation of filePath allows saving a shared object to an arbitrary location loaded by Chromium. Affected versions are 1.0.0 through 4.0.16. Ex...

CVSS 9.9 | AI score 8 | EPSS 0.00522
Exploits: 0 | References: 2

Cvelist
added 2025/10/09 7:18 a.m. | 6 views

CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

CVSS 9.9 | EPSS 0.00522
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/09 7:18 a.m. | 1 view

CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

CVSS 9.9 | AI score 8 | EPSS 0.00522
Exploits: 0 | References: 2

Cvelist
added 2025/10/09 3:32 a.m. | 8 views

CVE-2025-11530 code-projects Online Complaint Site state.php sql injection

A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

CVSS 6.5 | EPSS 0.0004
Exploits: 1 | References: 5

CNNVD
added 2025/10/09 12:0 a.m. | 1 view

grafana-image-renderer security vulnerability

grafana-image-renderer is a Grafana open source backend plugin for Grafana. A security vulnerability exists in grafana-image-renderer versions 1.0.0 through 4.0.16, which stems from the /render/csv endpoint that does not validate the filePath parameter, which could lead to remote code execution...

CVSS 9.9 | AI score 7.5 | EPSS 0.00522
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/09 12:0 a.m. | 2 views

PT-2025-41359

Name of the Vulnerable Software and Affected Versions: Grafana Image Renderer versions 1.0.0 through 4.0.16. Description: Grafana Image Renderer is susceptible to remote code execution due to an arbitrary file write issue. The /render/csv API endpoint lacks proper validation of the filePath paramete...

CVSS 9.9 | AI score 7.8 | EPSS 0.00522
Exploits: 0 | References: 14