166 matches found
CVE-2025-56815
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...
External Control of File Name or Path
Overview: InvokeAI is an implementation of Stable Diffusion which provides various new features and options to aid the image generation process. Affected versions of this package are vulnerable to External Control of File Name or Path via the GET /api/v1/images/download/bulkdownloaditemname...
CVE-2025-55316
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally...
Azure Connected Machine Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally...
PT-2025-36895
Name of the Vulnerable Software and Affected Versions: Azure Arc (affected versions not specified). Description: The software contains a flaw related to external control of file name or path. This allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is n...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
External Control of File Name or Path
Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/app/compose/get-from-uri endpoint, which uses the GetFromUri function. A user can access arbitrary files on the server by passing arbitrary paths as the uri parameter. This is only...
CVE-2025-53769
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...
CVE-2025-53769
CVE-2025-53769: Windows Security App contains a flaw enabling spoofing via external control of a file name or path, allowing an authorized local attacker to spoof UI. Affected: Windows Security App. Root cause: file/path parameter control leading to spoofing. Impact: local spoofing of user inter...
BIT-DOTNET-SDK-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...
Advanced Installer Security Vulnerability
Advanced Installer is a packaged software from Advanced Installer open source. A security vulnerability exists in versions of Advanced Installer prior to 22.6, which stems from improper control of the search path element and may result in local elevation of privilege...
CVE-2025-48783
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...
CVE-2023-2554
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0...
CVE-2025-26684
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2025-26684
CVE-2025-26684 is a Microsoft Defender Elevation of Privilege vulnerability in Defender for Endpoint where external control of a file name or path enables a locally authenticated attacker with high privileges to elevate to a higher privilege level. The CVSSv3.1 base score is 6.7 (Medium) with loc...
UBUNTU-CVE-2025-26646
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...
Intel Graphics Code Issue Vulnerability
Intel Graphics is a family of graphics cards from Intel Corporation USA. A code issue vulnerability exists in Intel Graphics that stems from insufficient control over search paths and could lead to elevation of privilege...
UBUNTU-CVE-2025-2817
Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file...
CVE-2025-29819
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally...
GHSA-75PX-35P4-QQ6H Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...