
134 matches found

Snyk
added 2026/05/27 7:32 p.m., 4 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the custom-payload-file field in REST API server mode. An attacker can read and exfiltrate arbitrary files accessible to the process by supplying a path to a file, which is then read line-by-lin...

8.7 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/13 12:00 a.m., 5 views

PT-2026-40760

Name of the Vulnerable Software and Affected Versions: Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11. Description: An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege...

7.8 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 0, References: 4
NVD
added 2026/05/12 6:17 p.m., 5 views

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8 CVSS, 0.00069 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/12 4:59 p.m., 5 views

CVE-2026-40370

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8 CVSS, 6 AI score, 0.00069 EPSS
Exploits: 0, References: 2, Affected Software: 10
ATTACKERKB
added 2026/05/12 4:58 p.m., 5 views

CVE-2026-40421

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

4.3 CVSS, 5.7 AI score, 0.00053 EPSS
Exploits: 0, References: 2, Affected Software: 5
Microsoft CVE
added 2026/05/12 2:00 p.m., 5 views

Azure Monitor Agent Elevation of Privilege Vulnerability

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

7.8 CVSS, 5.8 AI score, 0.00073 EPSS
Exploits: 0
Snyk
added 2026/05/11 2:28 p.m., 7 views

External Control of File Name or Path

Overview: Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...

7.1 CVSS, 6 AI score, 0.00033 EPSS
Exploits: 1, References: 2
Snyk
added 2026/05/07 9:41 p.m., 5 views

External Control of File Name or Path

Overview: apm-cli is an MCP configuration tool. Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or...

8.4 CVSS, 5.9 AI score, 0.00057 EPSS
Exploits: 0, References: 3
Snyk
added 2026/04/17 10:33 p.m., 2 views

External Control of File Name or Path

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of file paths in the media embedding. An attacker can access arbitrary files on the host system or trigger network credential...

7.1 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits: 0, References: 3
Snyk
added 2026/04/16 10:45 p.m., 6 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6 CVSS, 6 AI score
Exploits: 0, References: 2
Snyk
added 2026/04/16 10:45 p.m., 5 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6 CVSS, 6 AI score
Exploits: 0, References: 2
Snyk
added 2026/04/16 10:45 p.m., 4 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6 CVSS, 6 AI score
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 3:03 p.m., 0 views

CVE-2026-30903

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.6 CVSS, 5.8 AI score, 0.00103 EPSS
Exploits: 0, References: 1
Snyk
added 2026/03/19 5:46 p.m., 1 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /api/v2/files/ endpoint. An attacker can execute arbitrary code, overwrite critical files, or gain unauthorized access by uploading files with crafted filenames that bypass containment...

9.9 CVSS, 6.1 AI score, 0.00065 EPSS
Exploits: 1, References: 2
Positive Technologies
added 2026/03/13 12:00 a.m., 4 views

PT-2026-25247

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion. This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.9...

5.8 AI score, 0.00157 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/03/10 12:00 a.m., 2 views

PT-2026-24281

External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally...

7.8 CVSS, 5.8 AI score, 0.00098 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/05 12:00 a.m., 2 views

WordPress plugin Dermatology Clinic security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.1 CVSS, 5.8 AI score, 0.00172 EPSS
Exploits: 0, References: 1
Snyk
added 2026/02/20 2:19 a.m., 2 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the music/playlists/update API endpoint. An attacker can execute arbitrary code by bypassing file extension enforcement and writing malicious files to arbitrary locations on the filesystem, such...

8.8 CVSS, 6.1 AI score, 0.00055 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/02/19 8:41 a.m., 24 views

CVE-2026-26360

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files...

8.1 CVSS, 0.00075 EPSS
Exploits: 0, References: 1
Snyk
added 2026/02/18 10:44 p.m., 1 views

External Control of File Name or Path

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of the targetDir parameter in the skill installation. An attacker can write files outside the intended installation sandbox b...

6.8 CVSS, 5.6 AI score, 0.00007 EPSS
Exploits: 0, References: 2