Lucene search
K

170 matches found

CVE
CVE
added 2026/02/19 8:41 a.m.12 views

CVE-2026-26360

CVE-2026-26360 affects Dell Unisphere for PowerMax, version 10.2. The vulnerability is described as External Control of File Name or Path, enabling a low-privileged attacker with remote access to delete arbitrary files. Root cause details are not provided beyond this description; no affected comp...

8.1CVSS5.8AI score0.00252EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/19 8:34 a.m.11 views

CVE-2026-26359

Dell Unisphere for PowerMax 10.2 is vulnerable to External Control of File Name or Path. A low-privileged, remote attacker could overwrite arbitrary files due to unsafely handled file names/paths. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privile...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:34 a.m.5 views

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

Dell Unisphere for PowerMax 安全漏洞

Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability. This vulnerability stems from external control over file names or paths, which could lead to information leakage...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/17 12:26 p.m.15 views

lodash: prototype pollution in _.unset and _.omit functions

A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...

8.2CVSS5.7AI score0.01535EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/02/16 12:0 a.m.2 views

The vulnerability of the NTLM protocol implementation in Windows operating systems allows attackers to perform spoofing attacks.

The vulnerability of the NTLM protocol in Windows operating systems is related to external file name or path control. Exploiting this vulnerability allows attackers to perform spoofing attacks...

3.3CVSS5.8AI score0.11356EPSS
Exploits0References2Affected Software19
OSV
OSV
added 2026/02/10 6:16 p.m.5 views

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

3.3CVSS5.7AI score0.11356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.3 views

PT-2026-7353

Name of the Vulnerable Software and Affected Versions Windows NTLM affected versions not specified Description A flaw exists in Windows NTLM that permits external control of file names or paths, potentially enabling a local attacker to perform spoofing. This issue allows attackers to affect the...

3.3CVSS5.4AI score0.11356EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/02 12:31 p.m.8 views

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.4 views

CVE-2026-20925

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS6.8AI score0.17312EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 11:15 a.m.5 views

CVE-2026-0532

External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...

8.6CVSS0.00417EPSS
Exploits1References4
Snyk
Snyk
added 2026/01/14 10:49 a.m.3 views

External Control of File Name or Path

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to External Control of File Name or Path via the processing of JSON credentials in the Google Gemini connector configuration. An...

8.6CVSS6.9AI score0.00417EPSS
Exploits1References3
NVD
NVD
added 2026/01/13 6:16 p.m.4 views

CVE-2026-20925

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS0.17312EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 5:57 p.m.19 views

CVE-2026-20872

CVE-2026-20872 affects Windows NTLM: external control of a file name or path allows an attacker to spoof authentication over the network. The description states this vulnerability and related references indicate a Windows NTLM spoofing risk. The connected Nessus/NCSC/EUVD/NVD entries confirm the ...

6.5CVSS6.4AI score0.1911EPSS
Exploits0References3Affected Software14
Microsoft CVE
Microsoft CVE
added 2026/01/13 4:0 p.m.7 views

Windows Telephony Service Elevation of Privilege Vulnerability

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

8CVSS7AI score0.0075EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.11 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

7.5CVSS7.5AI score0.02683EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/12/19 10:53 p.m.11 views

External Control of File Name or Path in Langflow

Vulnerability Overview If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths e.g., /etc/poc.txt ar...

7.1CVSS7AI score0.03631EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/12/18 7:21 a.m.10 views

CVE-2025-58949

The CVE-2025-58949 is tied to the WordPress Spock theme (versions ≤ 1.17). The issue is an improper control of filenames for include/require, enabling PHP Local File Inclusion. Affected software/component: WordPress Spock theme. Root cause: improper filename handling in PHP includes. Impact as de...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/10 9:31 p.m.7 views

EUVD-2025-202604

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

5CVSS5.6AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 9:16 p.m.5 views

CVE-2025-67461

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

5.5CVSS0.00118EPSS
Exploits0References1
Rows per page
Query Builder