170 matches found
CVE-2026-26360
CVE-2026-26360 affects Dell Unisphere for PowerMax, version 10.2. The vulnerability is described as External Control of File Name or Path, enabling a low-privileged attacker with remote access to delete arbitrary files. Root cause details are not provided beyond this description; no affected comp...
CVE-2026-26359
Dell Unisphere for PowerMax 10.2 is vulnerable to External Control of File Name or Path. A low-privileged, remote attacker could overwrite arbitrary files due to unsafely handled file names/paths. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privile...
CVE-2026-26359
Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...
Dell Unisphere for PowerMax 安全漏洞
Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability. This vulnerability stems from external control over file names or paths, which could lead to information leakage...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
The vulnerability of the NTLM protocol implementation in Windows operating systems allows attackers to perform spoofing attacks.
The vulnerability of the NTLM protocol in Windows operating systems is related to external file name or path control. Exploiting this vulnerability allows attackers to perform spoofing attacks...
CVE-2026-21249
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...
PT-2026-7353
Name of the Vulnerable Software and Affected Versions Windows NTLM affected versions not specified Description A flaw exists in Windows NTLM that permits external control of file names or paths, potentially enabling a local attacker to perform spoofing. This issue allows attackers to affect the...
H2O has an External Control of File Name or Path vulnerability
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
CVE-2026-20925
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-0532
External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
External Control of File Name or Path
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to External Control of File Name or Path via the processing of JSON credentials in the Google Gemini connector configuration. An...
CVE-2026-20925
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-20872
CVE-2026-20872 affects Windows NTLM: external control of a file name or path allows an attacker to spoof authentication over the network. The description states this vulnerability and related references indicate a Windows NTLM spoofing risk. The connected Nessus/NCSC/EUVD/NVD entries confirm the ...
Windows Telephony Service Elevation of Privilege Vulnerability
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2024-39721
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...
External Control of File Name or Path in Langflow
Vulnerability Overview If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths e.g., /etc/poc.txt ar...
CVE-2025-58949
The CVE-2025-58949 is tied to the WordPress Spock theme (versions ≤ 1.17). The issue is an improper control of filenames for include/require, enabling PHP Local File Inclusion. Affected software/component: WordPress Spock theme. Root cause: improper filename handling in PHP includes. Impact as de...
EUVD-2025-202604
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-67461
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...