Dell Unisphere for PowerMax security vulnerability
Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability. This vulnerability stems from external control over file names or paths, which could lead to information leakage...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
CVE-2026-21249
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...
PT-2026-7353
Name of the Vulnerable Software and Affected Versions: Windows NTLM (affected versions not specified). Description: A flaw exists in Windows NTLM that permits external control of file names or paths, potentially enabling a local attacker to perform spoofing. This issue allows attackers to affect the...
H2O has an External Control of File Name or Path vulnerability
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
CVE-2026-20925
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-0532
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...
External Control of File Name or Path
Overview: Kibana is an open source, Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to External Control of File Name or Path via the processing of JSON credentials in the Google Gemini connector configuration. An...
CVE-2026-20872
CVE-2026-20872 affects Windows NTLM: external control of a file name or path allows an attacker to spoof authentication over the network. The description and related references indicate a Windows NTLM spoofing risk. The connected Nessus/NCSC/EUVD/NVD entries confirm the ...
Windows Telephony Service Elevation of Privilege Vulnerability
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2024-39721
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...
External Control of File Name or Path in Langflow
Vulnerability Overview: If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths e.g., /etc/poc.txt ar...
CVE-2025-58949
CVE-2025-58949 is tied to the WordPress Spock theme (versions ≤ 1.17). The issue is an improper control of filenames for include/require, enabling PHP Local File Inclusion. Affected software/component: WordPress Spock theme. Root cause: improper filename handling in PHP includes. Impact as de...
EUVD-2025-202604
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-67461
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...
CVE-2025-67461
CVE-2025-67461 affects Zoom Rooms for macOS prior to 6.6.0. The issue is external control of a file name or path, enabling an authenticated user to disclose information via local access. Impact is information disclosure (confidentiality). Remediation: update Zoom Rooms for macOS to version 6.6.0 ...
Yandex Messenger security vulnerability
Yandex Messenger is an instant messaging application from the Russian company Yandex. A security vulnerability exists in Yandex Messenger versions prior to 2.245, which stems from improper control of the search path element and may lead to search order hijacking...
Yandex Telemost security vulnerability
Yandex Telemost is an application for easily creating video calls or video chats from the Russian company Yandex. A security vulnerability exists in Yandex Telemost versions prior to 2.19.1, which stems from improper control of the search path element and could lead to search order hijacking...
Yandex Disk security vulnerability
Yandex Disk is a cloud storage service from the Russian company Yandex. A security vulnerability exists in Yandex Disk versions prior to 3.2.45.3275, which stems from improper control of the search path element and could lead to search order hijacking...