171 matches found
EUVD-2026-41589
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
CVE-2026-8921
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
External Control of File Name or Path
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
External Control of File Name or Path
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-47643
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
CVE-2026-47643
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
EUVD-2026-35579
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
Azure Stack Edge Remote Code Execution Vulnerability
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
PT-2026-42632
Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...
External Control of File Name or Path
Overview apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through the tar.extractall function in legacy-bundle probing on Windows systems running Python versions earlier than 3.12. An attacker can overwrite arbitrary fil...
CVE-2026-30905
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...
Microsoft Azure Monitor Agent < 1.14.0 Elevation of Privilege (CVE-2026-32204)
The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.14.0. It is, therefore, affected by an elevation of privilege vulnerability: - External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. An...
CVE-2026-44678
Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...
CLSA-2026-1778769563 python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...
Security Updates for Microsoft SQL Server (May 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...
CVE-2026-41107
External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
CVE-2026-30905
CVE-2026-30905 concerns the Zoom Workplace VDI Plugin Windows Universal Installer. The issue arises from external control of a file name or path in the installer, potentially allowing an authenticated user to escalate privileges through local access on installations prior to version 6.6.11. Affec...
EUVD-2026-29680
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-29652
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network...
EUVD-2026-29574
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...