147 matches found
External Control of File Name or Path
Overview org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...
Microsoft Azure Monitor Agent < 1.14.0 Elevation of Privilege (CVE-2026-32204)
The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.14.0. It is, therefore, affected by an elevation of privilege vulnerability: - External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. An...
CVE-2026-41107
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
EUVD-2026-29690
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
EUVD-2026-29652
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
EUVD-2026-29574
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
CVE-2026-41107
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
EUVD-2026-29487
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
CVE-2026-8043
Ivanti Xtraction is affected prior to version 2026.2 by CVE-2026-8043 due to external control of a file name. An authenticated remote attacker can read sensitive files and write arbitrary HTML files to a web directory, enabling information disclosure and potential client-side attacks. The vulnera...
CVE-2026-8043
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...
PT-2026-40233
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
External Control of File Name or Path
Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to External Control of File Name or Path through the backup restoration. An attacker can access arbitrary local files by supplying a crafted backup archive containing ...
CVE-2026-21012
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...
CVE-2026-21012
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...
CVE-2026-21012
CVE-2026-21012 describes external control of a file name in AODManager prior to SMR Apr-2026 Release 1. This allows a privileged local attacker to create a file with system privileges. The connected documents reiterate the same description; no additional technical details (affected versions, spec...
PT-2026-32270
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...