3230 matches found
CVE-2025-8048: External Control of File Path vulnerability has been discovered in OpenText Flipper.
External Control of File Name or Path vulnerability in OpenText Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...
JLSEC-2025-152 ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/ia...
ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c...
CVE-2025-11941
CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...
CVE-2025-11914
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. The attack may be initiated remotely. The...
EUVD-2025-34942
Malicious code in srccomponentsqcreportindextsx npm...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
EUVD-2025-34699
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...
CVE-2025-62364
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...
EUVD-2025-34360
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
CVE-2025-59291
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally...
CVE-2025-59244
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...
NTLM Hash Disclosure Spoofing Vulnerability
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network...
PT-2025-42151
Name of the Vulnerable Software and Affected Versions: Azure Container Instances (ACI) (affected versions not specified). Description: An issue exists in Azure Container Instances where external control of a file name or path can allow an authorized attacker to elevate privileges locally. The flaw...
PT-2025-42077
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: An issue exists in Windows Core Shell that allows an unauthorized attacker to perform spoofing over a network through external control of a file name or path. Recommendations: At the moment,...
CVE-2025-11659
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote...
CampCodes Online Beauty Parlor Management System SQL Injection Vulnerability
CampCodes Online Beauty Parlor Management System is an online beauty parlor management system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Online Beauty Parlor Management System version 1.0, which stems from an incorrect manipulation of the parameter searchdata in...
PT-2025-41741
Name of the Vulnerable Software and Affected Versions: UTT HiPER 2620G versions through 3.1.4. Description: A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This...
PT-2025-41576
Name of the Vulnerable Software and Affected Versions: JEEWMS version 20250820. Description: The software is susceptible to a SQL Injection issue within the exportXls function. This function is located in the file...
PT-2025-41593
Name of the Vulnerable Software and Affected Versions: code-projects Online Job Search Engine version 1.0. Description: A flaw exists in code-projects Online Job Search Engine version 1.0, specifically within the /postjob.php file. Manipulation of the txtjobID parameter can lead to SQL injection. Th...