71 matches found
PT-2026-48038
Name of the Vulnerable Software and Affected Versions Azure Stack Edge affected versions not specified Description External control of a file name or path allows an unauthorized attacker to execute arbitrary code over a network. Recommendations At the moment, there is no information about a newer...
External Control of File Name or Path
Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...
External Control of File Name or Path
Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to External Control of File Name or Path in backend/htmlbackend.py, which ...
External Control of File Name or Path
Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to External Control of File Name or Path via the -o/--output argument in the trestle author jinja. An attacker can overwrite arbitra...
EUVD-2026-30111
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-41088
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-41107
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
CVE-2026-41088
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
External Control of File Name or Path
Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the fetch...
External Control of File Name or Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of file paths in the media embedding. An attacker can access arbitrary files on the host system or trigger network credential...
External Control of File Name or Path
Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to External Control of File Name or Path in the artifactbundle/assemble endpoint. An authenticated attacker can create or overwrite files within locations writable by the service account by supplying...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the /appearance/filepath file-serving handler in kernel/server/serve.go. An attacker can read arbitrary files accessible to the server process by requesting crafted ../ paths. Notes -...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the importSY, importZipMd, importSyncProviderWebDAV, importSyncProviderS3, and importConf file import processes in the kernel/api/import.go, kernel/api/sync.go, and kernel/api/system.go...
EUVD-2026-11170
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2026-30903
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...
EUVD-2026-10607
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally...
CVE-2026-24287
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally...