Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

166 matches found

RedhatCVE
RedhatCVEadded 2026/06/10 9:1 p.m.6 views

CVE-2026-47643

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.00503EPSS
Exploits0References1
NVD
NVDadded 2026/06/09 5:17 p.m.8 views

CVE-2026-47643

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

9.8CVSS0.00503EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/09 5:5 p.m.16 views

EUVD-2026-35579

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.00503EPSS
Exploits0References1
Microsoft CVE
Microsoft CVEadded 2026/06/09 2:0 p.m.8 views

Azure Stack Edge Remote Code Execution Vulnerability

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.00503EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/21 12:0 a.m.6 views

PT-2026-42632

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

7.8CVSS6.7AI score
Exploits0References4
Snyk
Snykadded 2026/05/15 6:25 p.m.5 views

External Control of File Name or Path

Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through the tar.extractall function in legacy-bundle probing on Windows systems running Python versions earlier than 3.12. An attacker can overwrite arbitrary fil...

7.4CVSS5.6AI score0.0061EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/15 7:57 a.m.10 views

CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2026/05/15 12:0 a.m.3 views

Microsoft Azure Monitor Agent < 1.14.0 Elevation of Privilege (CVE-2026-32204)

The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.14.0. It is, therefore, affected by an elevation of privilege vulnerability: - External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. An...

7.8CVSS5.8AI score0.00299EPSS
Exploits0References2
NVD
NVDadded 2026/05/14 9:16 p.m.10 views

CVE-2026-44678

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...

7.1CVSS0.00226EPSS
Exploits0References1
OSV
OSVadded 2026/05/14 7:23 p.m.8 views

CLSA-2026-1778769563 python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

6.1CVSS6.6AI score0.05372EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2026/05/14 12:0 a.m.69 views

Security Updates for Microsoft SQL Server (May 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...

8.8CVSS6.1AI score0.00555EPSS
Exploits0References11
RedhatCVE
RedhatCVEadded 2026/05/13 8:22 p.m.9 views

CVE-2026-41107

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.8AI score0.00652EPSS
Exploits0References1
CVE
CVEadded 2026/05/13 6:0 p.m.12 views

CVE-2026-30905

CVE-2026-30905 concerns the Zoom Workplace VDI Plugin Windows Universal Installer. The issue arises from external control of a file name or path in the installer, potentially allowing an authenticated user to escalate privileges through local access on installations prior to version 6.6.11. Affec...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/05/12 6:30 p.m.11 views

EUVD-2026-29680

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00336EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/12 6:30 p.m.8 views

EUVD-2026-29652

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00555EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/12 6:30 p.m.6 views

EUVD-2026-29574

External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00299EPSS
Exploits0References2
NVD
NVDadded 2026/05/12 6:17 p.m.10 views

CVE-2026-41107

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS0.00652EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 6:17 p.m.6 views

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00336EPSS
Exploits0References1
Microsoft CVE
Microsoft CVEadded 2026/05/12 2:0 p.m.6 views

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00336EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.7 views

PT-2026-40233

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00336EPSS
Exploits0References2
Rows per page
Query Builder