Lucene search
K

326 matches found

CVE
CVE
added 5 days ago15 views

CVE-2026-61343

CVE-2026-61343 — LibreBooking : The email template editor’s save action passes the submitted template name directly into the destination file path. This allows an administrator-authenticated attacker to write arbitrary files outside the template directory and execute code. This vulnerability affe...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References5
Snyk
Snyk
added 6 days ago6 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 2:0 a.m.39 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:53 p.m.8 views

EUVD-2026-41090

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

7.5CVSS6.2AI score0.00298EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:53 p.m.19 views

CVE-2026-12480

CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:53 p.m.36 views

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS0.00127EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-353 H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS8AI score0.00629EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-350 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.5AI score0.00715EPSS
Exploits1References6
OSV
OSV
added 2026/06/27 12:12 a.m.6 views

GHSA-72R4-9C5J-MJ57 pnpm: `patch-remove` could delete project-selected files outside the patches directory

Summary The patch-remove deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This patch validates the...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/27 12:12 a.m.6 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path through the patch-remove process. An attacker can cause deletion of arbitrary files outside the intended directory by crafting a patch entry that...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References3
OSV
OSV
added 2026/06/19 9:42 p.m.11 views

GHSA-6X2M-P4XP-WG22 Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups

Summary EnvironmentManager.backup recursively collects files using collectBackupFiles. collectBackupFiles uses statSyncfull, which follows symlinks. If data/ contains a symlink to a directory outside the environment root, backup recursion follows the symlink and copies external files into...

5.5CVSS5.9AI score
Exploits0References4
CVE
CVE
added 2026/06/18 11:54 p.m.73 views

CVE-2026-40624

CVE-2026-40624 affects AVer PTC cameras: PTC500S, PTC115, PTC500+, and PTC115+. The advisory states that improper input validation in these devices may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. The CVSS metrics indicate a CRI...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

7CVSS7.5AI score0.00682EPSS
Exploits2References3
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-47277

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS0.00399EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 5:5 p.m.47 views

CVE-2026-47643

CVE-2026-47643 affects Azure Stack Edge, where external control of a file name or path can let an unauthenticated attacker execute code over the network. The NVD/CVE records describe the impact as remote code execution with high severity (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction...

9.8CVSS5.7AI score0.00753EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-21012

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS5.4AI score0.00093EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 5:49 p.m.33 views

CVE-2026-49492

The CVE-2026-49492 entry concerns Markdown Preview Enhanced (pre-0.8.28) which opens external files/links from the preview via a shell and does not validate untrusted inputs from the markdown document (e.g., diagram filename attribute, imported file paths, latex_engine code-chunk attribute). On W...

8.8CVSS5.7AI score0.0034EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:15 p.m.9 views

External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

8.1CVSS5.5AI score0.0004EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 8:16 p.m.27 views

CVE-2026-44285

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS0.00263EPSS
Exploits0References1
Rows per page
Query Builder