3230 matches found
CVE-2025-13187
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...
EUVD-2025-197673
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...
CVE-2025-64738
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
EUVD-2025-175326
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-64739
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...
CVE-2025-64738 Zoom Workplace for macOS - External Control of File Name or Path
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
EUVD-2025-150358
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...
Like Tea SQL Injection Vulnerability
Like Tea is an open-source multi-store tea-drinking applet by comeasy. A SQL injection vulnerability exists in Like Tea version 1.0.0; it stems from improper handling of the lng/lat parameter in the list function of the file laravel/app/Http/Controllers/Front/StoreController.php,...
AMTT Hotel Broadband Operation System SQL Injection Vulnerability
AMTT Hotel Broadband Operation System is a hotel broadband operation system from China's AMTT company. A SQL injection vulnerability exists in AMTT Hotel Broadband Operation System version 1.0, which originates from improper handling of the uid parameter in the file /user/portal/getfirstdate.php,...
PT-2025-46831
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-20614
CVE-2025-20614 concerns Intel’s CIP software prior to WIN_DCA_2.4.0.11001, where external control of a file name or path in Ring 3 user applications may enable privilege escalation. The description across connected sources states an unprivileged software adversary with a privileged user and a low...
PT-2025-46381
Name of the Vulnerable Software and Affected Versions: Intel(R) CIP software versions prior to WIN DCA 2.4.0.11001. Description: The software contains a flaw related to external control of file name or path within Ring 3 User Applications, potentially allowing an escalation of privilege. A local...
Path Traversal
mllogger is vulnerable to path traversal. The vulnerability is due to manipulation of the File argument in the loghandler function of mllogger/server.py, which allows an attacker to perform path traversal to read, create, or overwrite files remotely...
CVE-2025-12926
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the...
Google Looker Security Vulnerability
Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from improper file path cleanup and could lead to a command injection attack...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: chrony (UTSA-2025-990681)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990681 advisory. A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still...
Exploit for External Control of File Name or Path in Microsoft
CVE-2025-240...
CVE-2025-12917
TOZED ZLT T10/T10PLUS_3.04.15: vulnerability in an unknown function of the /reqproc/proc_post file within the Reboot Handler can cause denial of service. Exploitation requires local network access; an exploit is publicly available. Multiple sources (Red Hat, EUVD, NVD, CVE/CVElist, CNNVD, PT-2025...
CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...