Lucene search
K

2212 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40135

Name of the Vulnerable Software and Affected Versions Azure Monitor Agent versions prior to May 2026 Description External control of a file name or path allows an authorized attacker to elevate privileges locally. Recommendations Update to the May 2026 patch...

7.8CVSS5.8AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-40040

Name of the Vulnerable Software and Affected Versions Ivanti Xtraction versions prior to 2026.2 Description External control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory. This can lead to information disclosure and...

9.6CVSS5.9AI score0.00869EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Siemens多款产品 跨站脚本漏洞

The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of file names on the firmware update page. It may allo...

7.2CVSS7.3AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.21 views

PT-2026-39936

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40231

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network...

4.3CVSS5.8AI score0.0062EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40205

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description External control of a file name or path allows an authorized attacker to execute arbitrary code over a network, which can affect the system. Recommendations At the moment, there is no...

9CVSS6.2AI score0.00555EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40233

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00319EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/11 2:0 p.m.10 views

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.8AI score0.00652EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-40243

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description External control of a file name or path allows an unauthorized attacker to disclose sensitive information over a network. Recommendations At the moment, there is no...

7.4CVSS5.8AI score0.00652EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/10 12:30 a.m.8 views

CVE-2026-8215 Industrial Application Software IAS Canias ERP RMI iasRequestFileEvent path traversal

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument mstrSourceFileName causes path traversal. The attack can be initiated remotely. The...

6.9CVSS5.8AI score0.0055EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 10:40 p.m.27 views

CVE-2026-44656

Summary: Vim before 9.2.0435 is affected by an OS command injection in the :find path-completion. If the path option contains backtick-enclosed shell commands, those commands execute during file-name completion. The issue arises because the path option lacks the P_SECURE flag and can be set from ...

5.3CVSS6AI score0.00917EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/08 7:16 p.m.17 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

8.6CVSS0.00435EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 6:51 p.m.23 views

CVE-2026-29201

Insufficient input validation in the feature::LOADFEATUREFILE AdminBin call in cPanel/WHM can lead to arbitrary file read when a relative file path is supplied. Affected product/version scope includes cPanel/WHM prior to versions listed as fixed in PT-2026-38673 (and WP Squared) such as 11.136.0....

8.6CVSS6.1AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 6:51 p.m.6 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

8.6CVSS5.9AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 6:51 p.m.39 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

8.6CVSS0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28549

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

6.3CVSS6.2AI score0.00726EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 3:16 a.m.8 views

CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...

9.1CVSS5.7AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 12:59 a.m.6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.24 views

PT-2026-38393

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description The CallSite wrapper class, designed as a safe wrapper for V8's native CallSite, fails to sanitize the output of the getFileName function. While the class blocks getThis and getFunction to prevent host...

5.8CVSS5.9AI score0.00241EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Wish 路径遍历漏洞

Wish is a server tool developed by Charm for simplifying SSH application development. Versions of Wish prior to 2.0.0 and 2.0.1 contained a path traversal vulnerability. This vulnerability stemmed from the SCP middleware not properly verifying file names, which could lead to path traversal attack...

9.6CVSS5.8AI score0.00393EPSS
Exploits1References1
Rows per page
Query Builder