Lucene search
K

66 matches found

Cvelist
Cvelist
added 2026/07/03 2:0 a.m.39 views

CVE-2026-8921

External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...

8.5CVSS0.00124EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/01 7:24 p.m.4 views

External Control of File Name or Path

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.5CVSS6AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/15 6:25 p.m.10 views

External Control of File Name or Path

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through the tar.extractall function in legacy-bundle probing on Windows systems running Python versions earlier than 3.12. An attacker can overwrite arbitrary fil...

7.4CVSS5.6AI score0.0061EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 a.m.17 views

CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.207 views

Security Updates for Microsoft SQL Server (May 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...

8.8CVSS6.1AI score0.00555EPSS
Exploits0References11
CVE
CVE
added 2026/05/13 6:0 p.m.19 views

CVE-2026-30905

CVE-2026-30905 concerns the Zoom Workplace VDI Plugin Windows Universal Installer. The issue arises from external control of a file name or path in the installer, potentially allowing an authenticated user to escalate privileges through local access on installations prior to version 6.6.11. Affec...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/12 6:30 p.m.18 views

EUVD-2026-29680

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.14 views

EUVD-2026-29652

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00555EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/12 2:0 p.m.10 views

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00319EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 12:59 a.m.6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.32 views

CVE-2026-4132 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS0.00997EPSS
Exploits0References13
Redos
Redos
added 2026/04/10 12:0 a.m.7 views

ROS-20260410-73-0009

Vulnerability in libssh related to incorrect external control of file name or path. Exploitation of the vulnerability could allow an attacker to escalate privileges...

3.3CVSS6.4AI score0.00158EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/11 2:52 p.m.36 views

CVE-2026-30903

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.6CVSS0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 2:52 p.m.16 views

CVE-2026-30903

CVE-2026-30903 concerns Zoom Workplace for Windows prior to 6.6.0. The issue is described as External Control of File Name or Path in the Mail feature, which may allow an unauthenticated user to escalate privileges over the network. Affected product/feature: Zoom Workplace for Windows (Mail featu...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.3 views

CVE-2026-22371 WordPress Gustavo theme <= 1.2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects Gustavo: from n/a through = 1.2.2...

8.1CVSS5.5AI score0.00426EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 9:16 a.m.5 views

CVE-2026-26360

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files...

8.1CVSS6AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 9:16 a.m.11 views

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

8.8CVSS5.9AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:41 a.m.14 views

CVE-2026-26360

CVE-2026-26360 affects Dell Unisphere for PowerMax, version 10.2. The vulnerability is described as External Control of File Name or Path, enabling a low-privileged attacker with remote access to delete arbitrary files. Root cause details are not provided beyond this description; no affected comp...

8.1CVSS5.8AI score0.00252EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/19 8:34 a.m.13 views

CVE-2026-26359

Dell Unisphere for PowerMax 10.2 is vulnerable to External Control of File Name or Path. A low-privileged, remote attacker could overwrite arbitrary files due to unsafely handled file names/paths. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privile...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

Dell Unisphere for PowerMax 安全漏洞

Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability. This vulnerability stems from external control over file names or paths, which could lead to information leakage...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
Rows per page
Query Builder