
18 matches found

Cvelist
added 2026/05/06 4:10 p.m. | 36 views

CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...

CVSS 9.3 | EPSS 0.00017
Exploits: 0 | References: 3

Cvelist
added 2026/04/03 8:15 p.m. | 12 views

CVE-2022-4987 Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

CVSS 7.3 | EPSS 0.00004
Exploits: 0 | References: 2

Zero Day Initiative
added 2026/03/03 12:0 a.m. | 2 views

(Pwn2Own) Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Music Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _update_library_item method. The issue results from the lack of proper...

CVSS 8.8 | AI score 6.3 | EPSS 0.00055
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/20 1:25 p.m. | 3 views

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

CVSS 8.8 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 1

Github Security Blog
added 2025/12/19 10:53 p.m. | 6 views

External Control of File Name or Path in Langflow

Vulnerability Overview: If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths e.g., /etc/poc.txt ar...

CVSS 7.1 | AI score 7 | EPSS 0.00034
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/11/20 4:25 p.m. | 8 views

CVE-2025-13437 Arbitrary node_modules Directory Deletion in Google zx

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

CVSS 8.3 | EPSS 0.00018
Exploits: 0 | References: 1

CNNVD
added 2025/10/29 12:0 a.m. | 1 views

Keras Security Vulnerability

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from the StringLookup layer not properly restricting external path loading functionality when processing specially crafted .keras archives, which could lead to arbitrary loc...

CVSS 5.9 | AI score 7.4 | EPSS 0.00079
Exploits: 0 | References: 3

Snyk
added 2025/09/18 9:31 a.m. | 1 views

External Control of File Name or Path

Overview: InvokeAI is an implementation of Stable Diffusion which provides various new features and options to aid the image generation process. Affected versions of this package are vulnerable to External Control of File Name or Path via the GET /api/v1/images/download/bulkdownloaditemname...

CVSS 9.8 | AI score 9.3 | EPSS 0.00112
Exploits: 0 | References: 2

OSV
added 2025/06/06 10:15 a.m. | 1 views

CVE-2025-48783

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...

CVSS 7.5 | AI score 5.9 | EPSS 0.00274
Exploits: 0 | References: 1

CNNVD
added 2024/12/13 12:0 a.m. | 2 views

PlexTrac Security Vulnerability

PlexTrac is a penetration test reporting and management platform from the US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1, which stems from the presence of a filename or path external control vulnerability that allows an attacker to achie...

CVSS 9.8 | AI score 6.7 | EPSS 0.00133
Exploits: 0 | References: 1

RedHat Linux
added 2023/05/22 7:11 a.m. | 5 views

git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents

A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to git apply --reject; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch...

CVSS 7.5 | AI score 7.2 | EPSS 0.03559
Exploits: 0 | References: 4

RedHat Linux
added 2023/05/22 7:8 a.m. | 4 views

git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents

A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to git apply --reject; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch...

CVSS 7.5 | AI score 7.2 | EPSS 0.03559
Exploits: 0 | References: 4

OSV
added 2022/07/18 3:15 p.m. | 0 views

UBUNTU-CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3 | AI score 6.8 | EPSS 0.00306
Exploits: 1 | References: 6

CNVD
added 2019/12/06 12:0 a.m. | 1 views

QNAP Systems Photo Station File Name or Path External Control Vulnerability (CNVD-2020-09620)

QNAP Systems Photo Station is a photo management and viewing application from QNAP Systems. A file name or path external control vulnerability exists in QNAP Systems Photo Station, which can be exploited by remote attackers to access or modify system files...

CVSS 9.8 | AI score 9 | EPSS 0.93938
Exploits: 8 | References: 1

OSV
added 2018/05/15 10:29 p.m. | 4 views

CVE-2018-7495

In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified...

CVSS 7.5 | AI score 5.7 | EPSS 0.03023
Exploits: 0 | References: 2

CNVD
added 2017/10/31 12:0 a.m. | 1 views

SolarWinds Network Performance Monitor Denial of Service Vulnerability

SolarWinds Network Performance Monitor (NPM) is a network performance monitor from SolarWinds, Inc. that provides monitoring and reporting, tracking of up/down status, real-time analytics, and network performance statistics for routers, virtualized environments, and other devices. A security...

CVSS 4.9 | AI score 6.9 | EPSS 0.05631
Exploits: 2 | References: 1

OSV
added 2017/10/03 1:29 a.m. | 0 views

CVE-2017-9538

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the pat...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 2

Prion
added 2017/10/03 1:29 a.m. | 10 views

Directory traversal

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the pat...

CVSS 4 | AI score 7 | EPSS 0.05631
Exploits: 2 | References: 2 | Affected Software: 1