Lucene search
K

2215 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.6 views

CVE-2026-58293

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/03 8:35 p.m.7 views

EUVD-2026-41589

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.5 views

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.1CVSS6.1AI score0.00438EPSS
Exploits0
NVD
NVD
added 2026/07/03 3:16 a.m.12 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 2:0 a.m.8 views

EUVD-2026-41483

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 2:0 a.m.18 views

CVE-2026-8921

The CVE-2026-8921 entry concerns ASUS Business Manager. It describes an External Control of File Name or Path vulnerability that allows a local user to execute arbitrary code with SYSTEM privileges by sending a tampered IPC message. Affected product is ASUS Business Manager; the root cause is con...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 2:0 a.m.7 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS6.2AI score0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55639

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue exists where external control of a file name or path allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no...

8.1CVSS6.1AI score0.00438EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/01 7:24 p.m.5 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.3 views

External Control of File Name or Path

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 11:30 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-544 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

9.3CVSS6AI score0.00629EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-350 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.5AI score0.00715EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-324 DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/27 12:12 a.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the patch-remove process. An attacker can cause deletion of arbitrary files outside the intended directory by crafting a patch entry that resolves outside the configured patches directory...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/27 12:2 a.m.6 views

External Control of File Name or Path

Overview @pnpm/installing.deps-restorer is a Fast installation using only pnpm-lock.yaml Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodul...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/06/22 4:58 p.m.16 views

Gogs has a Denial of Service in repository/wiki file listing web pages

Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...

4.9CVSS5.9AI score0.0044EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/19 4:31 a.m.14 views

EUVD-2026-37981

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

4.9CVSS6AI score0.00397EPSS
Exploits0References8
Rows per page
Query Builder