Lucene search
K

2227 matches found

NVD
NVD
added yesterday3 views

CVE-2026-50510

Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50462

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-55002

External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-54108

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-54108

CVE-2026-54108 affects Microsoft SharePoint Server. An authorized attacker can influence a file name or path in SharePoint, enabling network-based spoofing. CVSS v3.1: 6.5 (MEDIUM), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Root cause details are not provided in the supplied documents; no exploitation...

6.5CVSS6.1AI score
Exploits0References1Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-55002

Technical details about CVE-2026-55002 are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-58439

Name of the Vulnerable Software and Affected Versions Windows Ancillary Function Driver for WinSock affected versions not specified Description External control of a file name or path in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2 days ago7 views

CVE-2026-61504

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS0.00173EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-61504

CVE-2026-61504 affects Rejetto HFS 3.0.0–3.2.0, where the basic web listing does not escape file names and can be forced with the browser parameter ?get=basic. This enables stored XSS: a file with a script in its name can execute in the viewer’s browser when the listing is viewed, potentially by ...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 8:35 p.m.8 views

EUVD-2026-41589

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.7 views

CVE-2026-58293

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.6 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0
NVD
NVD
added 2026/07/03 3:16 a.m.12 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 2:0 a.m.21 views

CVE-2026-8921

The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 2:0 a.m.8 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 2:0 a.m.8 views

EUVD-2026-41483

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55639

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue exists where external control of a file name or path allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/01 9:43 p.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the pushFile process when symlink traversal is possible within the working directory. An attacker can write files outside the intended directory boundary by supplying a crafted blob title th...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.5 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Rows per page
Query Builder