Snyk
added 2026/06/18 2:24 p.m., 5 views

External Control of File Name or Path

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.1, AI score 5.9
Exploits 0, References 3

EUVD
added 2026/06/16 9:32 p.m., 8 views

EUVD-2026-37201

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

CVSS 9.8, AI score 8.1, EPSS 0.00934
Exploits 0, References 6

Cvelist
added 2026/05/06 4:10 p.m., 41 views

CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...

CVSS 9.3, EPSS 0.00148
Exploits 0, References 3

Cvelist
added 2026/04/03 8:15 p.m., 14 views

CVE-2022-4987 Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

CVSS 7.3, EPSS 0.00122
Exploits 0, References 2

Zero Day Initiative
added 2026/03/03 12:00 a.m., 4 views

(Pwn2Own) Music Assistant _update_library_item External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Music Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the _update_library_item method. The issue results from the lack of proper...

CVSS 8.8, AI score 6.3, EPSS 0.01447
Exploits 1, References 1

RedhatCVE
added 2026/02/20 1:25 p.m., 6 views

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

CVSS 8.8, AI score 5.8, EPSS 0.00375
Exploits 0, References 1

Github Security Blog
added 2025/12/19 10:53 p.m., 9 views

External Control of File Name or Path in Langflow

Vulnerability Overview: If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths, e.g. /etc/poc.txt, ar...

CVSS 7.1, AI score 7, EPSS 0.03631
Exploits 1, References 4, Affected Software 1

Cvelist
added 2025/11/20 4:25 p.m., 12 views

CVE-2025-13437 Arbitrary node_modules Directory Deletion in Google zx

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

CVSS 8.3, EPSS 0.0008
Exploits 0, References 1

CNNVD
added 2025/10/29 12:00 a.m., 3 views

Keras security vulnerability

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from the StringLookup layer not properly restricting external path loading functionality when processing specially crafted .keras archives, which could lead to arbitrary loc...

CVSS 5.9, AI score 7.4, EPSS 0.00239
Exploits 0, References 3

Snyk
added 2025/09/18 9:31 a.m., 1 view

External Control of File Name or Path

Overview: InvokeAI is an implementation of Stable Diffusion which provides various new features and options to aid the image generation process. Affected versions of this package are vulnerable to External Control of File Name or Path via the GET /api/v1/images/download/bulkdownloaditemname...

CVSS 9.8, AI score 9.3, EPSS 0.00353
Exploits 0, References 2

BDU FSTEC
added 2025/06/23 12:00 a.m., 8 views

The vulnerability of the update mechanism of the IBM QRadar SIEM system allows a perpetrator to execute arbitrary code.

The vulnerability of the IBM QRadar SIEM's event collection and analysis update mechanism is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted automatic update file...

CVSS 9.1, AI score 5.9, EPSS 0.0047
Exploits 0, References 2

OSV
added 2025/06/06 10:15 a.m., 4 views

CVE-2025-48783

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths...

CVSS 7.5, AI score 5.9, EPSS 0.0033
Exploits 0, References 1

BDU FSTEC
added 2025/03/18 12:00 a.m., 11 views

The vulnerability of the FortiClient for MAC installer allows a perpetrator to execute arbitrary commands.

The vulnerability of the FortiClient for MAC installer is related to improper external management of the file name or path to the /tmp directory. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 8.2, AI score 6.1, EPSS 0.00262
Exploits 0, References 3, Affected Software 1

CNNVD
added 2024/12/13 12:00 a.m., 4 views

PlexTrac security vulnerability

PlexTrac is a penetration test reporting and management platform from the US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1, which stems from the presence of a filename or path external control vulnerability that allows an attacker to achie...

CVSS 9.8, AI score 6.7, EPSS 0.00422
Exploits 0, References 1

BDU FSTEC
added 2024/09/03 12:00 a.m., 6 views

The vulnerability of the GLPI system's request, incident, and asset inventory management processes, related to external control of file names or paths, allows a perpetrator to load arbitrary PHP scripts and intercept plugin loaders to execute these scripts at will.

The vulnerability of the GLPI system for requests, incidents, and computer equipment inventory management is related to external control of file names or paths. Exploiting this vulnerability allows a malicious actor to load any arbitrary PHP script and intercept the plugin loader to execute that...

CVSS 8.3, AI score 5.7, EPSS 0.21078
Exploits 0, References 3, Affected Software 2

RedHat Linux
added 2023/05/22 7:11 a.m., 15 views

git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents

A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch...

CVSS 7.5, AI score 7.2, EPSS 0.52164
Exploits 0, References 4

RedHat Linux
added 2023/05/22 7:08 a.m., 7 views

git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents

A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunks from the given patch...

CVSS 7.5, AI score 7.2, EPSS 0.52164
Exploits 0, References 4

OSV
added 2022/07/18 3:15 p.m., 1 view

UBUNTU-CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...

CVSS 5.3, AI score 6.8, EPSS 0.00913
Exploits 1, References 6

CNVD
added 2019/12/06 12:00 a.m., 3 views

QNAP Systems Photo Station File Name or Path External Control Vulnerability (CNVD-2020-09620)

QNAP Systems Photo Station is a photo management and viewing application from QNAP Systems. A file name or path external control vulnerability exists in QNAP Systems Photo Station, which can be exploited by remote attackers to access or modify system files...

CVSS 9.8, AI score 9, EPSS 0.82966
Exploits 8, References 1

OSV
added 2018/05/15 10:29 p.m., 6 views

CVE-2018-7495

In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified...

CVSS 7.5, AI score 5.7, EPSS 0.02215
Exploits 0, References 2