Lucene search
K

10 matches found

Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-350 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.5AI score0.00715EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/28 6:7 a.m.11 views

External Control of File Name or Path

Overview org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:17 p.m.21 views

CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.9 views

EUVD-2026-29487

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS5.9AI score0.00869EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 p.m.16 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS0.00869EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:11 p.m.8 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS5.9AI score0.00869EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 5:4 a.m.1 views

CVE-2026-21012

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege...

6.8CVSS5.8AI score0.00093EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/02 12:31 p.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the /3/Parse and /3/Frames/framename/export endpoints. An attacker can overwrite arbitrary files on the server, including sensitive files such as private SSH keys or script files, by injecting...

9.1CVSS6.7AI score0.00629EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2020/06/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2019-7195

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

9.8CVSS7.3AI score0.89681EPSS
Exploits9References1
Rows per page
Query Builder