Total
252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26646 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, .net and 3 more | 2025-07-10 | N/A | 8.0 HIGH |
| External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29819 | 1 Microsoft | 1 Windows Admin Center | 2025-07-10 | N/A | 6.2 MEDIUM |
| External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-48385 | 2025-07-10 | N/A | N/A | ||
| Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1. | |||||
| CVE-2025-25478 | 1 Syspass | 1 Syspass | 2025-07-09 | N/A | 6.5 MEDIUM |
| The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password. | |||||
| CVE-2025-1972 | 1 Webtoffee | 1 Import Export Wordpress Users | 2025-07-09 | N/A | 2.7 LOW |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | |||||
| CVE-2025-1911 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-07-09 | N/A | 2.7 LOW |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | |||||
| CVE-2025-47956 | 1 Microsoft | 1 Windows Security App | 2025-07-09 | N/A | 5.5 MEDIUM |
| External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2024-38657 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-09 | N/A | 4.9 MEDIUM |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | |||||
| CVE-2025-6463 | 1 Incsub | 1 Forminator | 2025-07-07 | N/A | 8.8 HIGH |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. This makes it possible for unauthenticated attackers to include arbitrary file paths in a form submission. The file will be deleted when the form submission is deleted, whether by an Administrator or via auto-deletion determined by plugin settings. This can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2025-24996 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-03 | N/A | 6.5 MEDIUM |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-49588 | 2025-07-03 | N/A | N/A | ||
| Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other user's links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3 which has not been made public at time of publication. | |||||
| CVE-2024-33671 | 1 Veritas | 1 Backup Exec | 2025-06-30 | N/A | 7.7 HIGH |
| An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | |||||
| CVE-2024-57394 | 1 Qianxin | 1 Tianqing Endpoint Security Management System | 2025-06-23 | N/A | 8.8 HIGH |
| The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities. | |||||
| CVE-2025-33053 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-06-21 | N/A | 8.8 HIGH |
| External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-36506 | 2025-06-16 | N/A | 6.5 MEDIUM | ||
| External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data. | |||||
| CVE-2024-1244 | 2025-06-12 | N/A | N/A | ||
| Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. | |||||
| CVE-2024-1243 | 2025-06-12 | N/A | N/A | ||
| Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. | |||||
| CVE-2025-48781 | 2025-06-06 | N/A | N/A | ||
| An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths. | |||||
| CVE-2025-48783 | 2025-06-06 | N/A | N/A | ||
| An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths. | |||||
| CVE-2025-3419 | 1 Themewinter | 1 Eventin | 2025-06-04 | N/A | 7.5 HIGH |
| The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||