Lucene search

3231 matches found

RedhatCVE
added 2025/05/22 3:23 p.m. · 8 views

CVE-2020-26707

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...

CVSS 9.8 · AI score 7.9 · EPSS 0.0181
Exploits: 1

RedhatCVE
added 2025/05/22 1:27 p.m. · 7 views

CVE-2018-16270

Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path...

CVSS 7.5 · AI score 7.1 · EPSS 0.01158
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:29 a.m. · 5 views

CVE-2019-1268

An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'...

CVSS 7.8 · AI score 6.9 · EPSS 0.00957
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 8:9 a.m. · 9 views

CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script that is executable via sudo is vulnerable to file path injection. This enables an attacker to write files with superuser privileges in specific locations...

CVSS 10 · AI score 7.3 · EPSS 0.01962
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:8 a.m. · 7 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

CVSS 4.3 · AI score 6.5 · EPSS 0.00788
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:37 a.m. · 7 views

CVE-2018-11789

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. An example would be modifying the parameter path= to go to the directory you would like to view, i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd...

CVSS 7.8 · AI score 6.9 · EPSS 0.0692
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:39 a.m. · 8 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

CVSS 6.5 · AI score 7 · EPSS 0.01749
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 1:17 a.m. · 6 views

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality, resulting in creating malicious files on the server...

CVSS 9.8 · AI score 6.8 · EPSS 0.01212
Exploits: 0 · References: 1

CVE
added 2025/05/21 10:31 p.m. · 55 views

CVE-2025-5059

The CVE-2025-5059 entry concerns Campcodes Online Shopping Portal 1.0. The vulnerability resides in the admin/edit-subcategory.php handler, where manipulating the arguments productimage1, productimage2, or productimage3 enables unrestricted file uploads. Exploitation is possible remotely, and mul...

CVSS 7.2 · AI score 5 · EPSS 0.00369
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2025/05/21 12:15 a.m. · 1 view

CVE-2025-5011

A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVSS 4.7 · AI score 3.6
Exploits: 0 · References: 4

CNNVD
added 2025/05/21 12:0 a.m. · 2 views

Kingdee Cloud Galaxy Private Cloud BBC System Path Traversal Vulnerability

Kingdee Cloud Galaxy Private Cloud BBC System is an all-inclusive cloud ERP system from China's Kingdee. A path traversal vulnerability exists in Kingdee Cloud Galaxy Private Cloud BBC System versions V6.2 to V9.0, which stems from improper operation of the filePath parameter in the...

CVSS 5.5 · AI score 5.5 · EPSS 0.00417
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/17 12:10 p.m. · 14 views

CVE-2025-4564

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVSS 9.8 · AI score 8 · EPSS 0.00943
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/16 12:0 a.m. · 2 views

PT-2025-21651 · Qt Company · Qt

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.19; Qt versions 6.0.0 through 6.5.8; Qt versions 6.6.0 through 6.8.1. Description: The issue arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentiall...

CVSS 7.3 · AI score 7.1 · EPSS 0.0017
Exploits: 0 · References: 8

RedhatCVE
added 2025/05/15 5:14 p.m. · 9 views

CVE-2025-26684

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...

CVSS 6.7 · AI score 6.5 · EPSS 0.00365
Exploits: 0 · References: 3

Veracode
added 2025/05/15 12:57 p.m. · 9 views

External Control Of File Name Or Path

Microsoft.Build.Tasks.Core is vulnerable to External Control of File Name or Path. The vulnerability is due to improper validation of input, which allows an authorized attacker to manipulate file paths over a network...

CVSS 8 · AI score 6.6 · EPSS 0.011
Exploits: 0 · References: 6 · Affected Software: 3

Positive Technologies
added 2025/05/15 12:0 a.m. · 3 views

PT-2025-21276 · Esignal · Esignal

Name of the Vulnerable Software and Affected Versions: eSigna versions 1.0 through 1.5. Description: The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component. This vulnerability allows an unauthenticated attacker to access arbitrary files in the...

CVSS 2 · AI score 6.6 · EPSS 0.00271
Exploits: 0 · References: 5

Tenable Nessus
added 2025/05/14 12:0 a.m. · 14 views

Alibaba Cloud Linux 3 : 0241: container-tools:rhel8 (ALINUX3-SA-2024:0241)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0241 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9341: A flaw was found in Go. Whe...

CVSS 8.2 · AI score 6.8 · EPSS 0.00982
Exploits: 0 · References: 4

CVE
added 2025/05/13 4:58 p.m. · 75 views

CVE-2025-26684

CVE-2025-26684 is a Microsoft Defender Elevation of Privilege vulnerability in Defender for Endpoint where external control of a file name or path enables a locally authenticated attacker with high privileges to elevate to a higher privilege level. The CVSSv3.1 base score is 6.7 (Medium) with loc...

CVSS 6.7 · AI score 7.2 · EPSS 0.00365
Exploits: 0 · References: 1 · Affected Software: 1

Microsoft CVE
added 2025/05/13 7:0 a.m. · 9 views

.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...

CVSS 8 · AI score 7.1 · EPSS 0.011
Exploits: 0

OSV
added 2025/05/11 8:15 a.m. · 4 views

CVE-2025-4535

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...

CVSS 6.9 · AI score 4.8
Exploits: 0 · References: 4