2227 matches found
CVE-2026-50510
Improper restriction of names for files and other resources in Github Copilot allows an unauthorized attacker to execute code locally...
CVE-2026-50462
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-55002
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-54108
External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-54108
CVE-2026-54108 affects Microsoft SharePoint Server. An authorized attacker can influence a file name or path in SharePoint, enabling network-based spoofing. CVSS v3.1: 6.5 (MEDIUM), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Root cause details are not provided in the supplied documents; no exploitation...
CVE-2026-55002
Technical details about CVE-2026-55002 are not publicly available in the provided documents. Monitor for updates.
PT-2026-58439
Name of the Vulnerable Software and Affected Versions Windows Ancillary Function Driver for WinSock affected versions not specified Description External control of a file name or path in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-61504
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
CVE-2026-61504
CVE-2026-61504 affects Rejetto HFS 3.0.0–3.2.0, where the basic web listing does not escape file names and can be forced with the browser parameter ?get=basic. This enables stored XSS: a file with a script in its name can execute in the viewer’s browser when the listing is viewed, potentially by ...
EUVD-2026-41589
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-58293
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-8921
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
CVE-2026-8921
The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...
CVE-2026-8921
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
EUVD-2026-41483
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
PT-2026-55639
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue exists where external control of a file name or path allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the pushFile process when symlink traversal is possible within the working directory. An attacker can write files outside the intended directory boundary by supplying a crafted blob title th...
External Control of File Name or Path
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
External Control of File Name or Path
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...