79 matches found
EUVD-2025-24288
Malicious code in bioql PyPI...
Exploit for External Control of File Name or Path in Microsoft
CVE-2025-33053 POC Exploit Overview The working director...
External Control of File Name or Path
Overview @directus/api is a real-time API and App dashboard for managing SQL database content Affected versions of this package are vulnerable to External Control of File Name or Path via the write and join method, which used the fullPath method to create the absolute path. An attacker can upload...
CVE-2025-53769
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...
CVE-2025-49760
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network...
CVE-2025-47956
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...
Important: dotnet8.0
Issue Overview: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. CVE-2025-26646 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250609 or...
External Control of File Name or Path
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to External Control of File Name or Path via the restorerunbackup function. An attacker can write arbitrary data to arbitrary locations on the host server by controlling...
CVE-2024-9142
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...
GHSA-GQRQ-J6PM-98C2 External Control of File Name or Path in h2oai/h2o-3
Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...
CVE-2023-6569 External Control of File Name or Path in h2oai/h2o-3
External Control of File Name or Path in h2oai/h2o-3...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the curleasyduphandle function, allowing an attacker to insert cookies into a running program using this library. When this function is used to duplicate an easy handle with cookies enabled, the...
GHSA-22GJ-8QJ2-FJ46 Moodle External Control of File Name or Path vulnerability
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...
CVE-2022-45918
ILIAS before 7.16 allows External Control of File Name or Path...
PT-2022-10731 · Ws-Scrcpy · Ws-Scrcpy
Name of the Vulnerable Software and Affected Versions: ws-scrcpy affected versions not specified Description: The issue allows for external control of file name or path. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
DEBIAN-CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that c...
UBUNTU-CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that c...
QNAP Systems Photo Station File Name or Path External Control Vulnerability
QNAP Systems Photo Station is a photo management and viewing application from QNAP Systems. A file name or path external control vulnerability exists in QNAP Systems Photo Station, which can be exploited by remote attackers to access or modify system files...
DEBIAN-CVE-2018-1000532
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users...