41 matches found
PT-2026-40760
Name of the Vulnerable Software and Affected Versions Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11 Description An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege...
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-40421
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
External Control of File Name or Path
Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...
External Control of File Name or Path
Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...
External Control of File Name or Path
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of file paths in the media embedding. An attacker can access arbitrary files on the host system or trigger network credential...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
CVE-2026-30903
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /api/v2/files/ endpoint. An attacker can execute arbitrary code, overwrite critical files, or gain unauthorized access by uploading files with crafted filenames that bypass containment...
PT-2026-24281
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the music/playlists/update API endpoint. An attacker can execute arbitrary code by bypassing file extension enforcement and writing malicious files to arbitrary locations on the filesystem, such...
CVE-2026-26360
Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files...
External Control of File Name or Path
Overview openclaw is a π¦ OpenClaw β Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of the targetDir parameter in the skill installation. An attacker can write files outside the intended installation sandbox b...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path. Go Vulnerability Report: Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive i...
CVE-2026-0532
CVE-2026-0532 affects Kibanaβs Google Gemini Connector. External control of a file name or path (CWE-73) combined with SSRF (CWE-918) enables an authenticated attacker with privileges to create/modify connectors to trigger arbitrary file reads and arbitrary network requests through a crafted cred...
External Control of File Name or Path
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated...