VYPR

CWE-73

External Control of File Name or Path

Abstraction: Base
Status: Draft
Likelihood of exploit: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.
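The weakness is easiest to see beside its fix. The block below is an added example, not code from the CWE entry or from any product listed on this page: an unchecked `os.path.join` of the kind behind the arbitrary-file-deletion and unconstrained `download_path` entries below, next to a containment check that rejects absolute names, collapses `..`, follows symlinks and only then tests that the result still lies under the allowed directory. Function names, the rejection policy and the files created in the demo are assumptions of the example.

```python
"""Added example (not from the CWE page or any product it lists): a path-containment
check for user-supplied file names, beside the unchecked pattern it replaces.
Function names and the rejection policy are assumptions for illustration."""
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """A user-supplied name would address a file outside the allowed directory."""


def unsafe_path(base_dir: str, user_name: str) -> str:
    """The CWE-73 pattern: user input goes straight into the path.
    os.path.join discards base_dir when user_name is absolute, and '..' is
    never checked, so '../../etc/passwd' and '/etc/passwd' both leave base_dir."""
    return os.path.join(base_dir, user_name)


def resolve_within(base_dir: str, user_name: str) -> Path:
    """Return an absolute Path for user_name that is guaranteed to lie under base_dir.

    Policy (an assumption of this example): absolute or drive-anchored names are
    rejected outright, and the candidate is fully resolved (symlinks and '..'
    collapsed) before the containment test, so a symlink inside base_dir that
    points outside is caught as well.
    """
    base = Path(base_dir).resolve(strict=True)
    name = Path(user_name)
    if not user_name or name.is_absolute() or name.anchor:
        raise PathEscapeError(f"absolute or empty name rejected: {user_name!r}")
    candidate = (base / user_name).resolve(strict=False)
    if candidate != base and base not in candidate.parents:
        raise PathEscapeError(f"{user_name!r} resolves to {candidate}, outside {base}")
    return candidate


def safe_delete(base_dir: str, user_name: str) -> None:
    """Delete a file named by the user only if it lies under base_dir
    (the check missing from the arbitrary-file-deletion entries on this page)."""
    target = resolve_within(base_dir, user_name)
    if not target.is_file():
        raise FileNotFoundError(target)
    target.unlink()


def demo() -> dict:
    """Exercise both functions in a throwaway directory with constructed files.
    Returns, per probe name, whether the check allowed or rejected it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "uploads"
        base.mkdir()
        (base / "report.txt").write_text("ok")
        outside = Path(tmp) / "secret.txt"  # beside uploads/, not inside it
        outside.write_text("secret")
        link = base / "link.txt"             # in-scope symlink to an out-of-scope file
        try:
            link.symlink_to(outside)
        except (OSError, NotImplementedError):
            link = None                      # symlinks unavailable (e.g. unprivileged Windows)

        probes = ["report.txt", "sub/../report.txt", "../secret.txt", str(outside)]
        if link is not None:
            probes.append("link.txt")

        results = {}
        for name in probes:
            try:
                resolve_within(str(base), name)
                results[name] = "allowed"
            except PathEscapeError:
                results[name] = "rejected"

        # The unchecked join hands back the attacker's absolute path unchanged.
        results["unsafe_absolute_join"] = unsafe_path(str(base), str(outside)) == str(outside)

        # Deleting through the checked function removes only the in-scope file.
        safe_delete(str(base), "report.txt")
        results["report_deleted"] = not (base / "report.txt").exists()
        results["secret_survived"] = outside.exists()
        return results


if __name__ == "__main__":
    for probe, outcome in demo().items():
        print(f"{probe}: {outcome}")
```

The order of operations matters: resolving first and comparing second is what defeats `sub/../../secret.txt` and symlink tricks, whereas a textual `..` filter or a prefix check on the unresolved string does not. Note also the check only covers the filesystem path; the Config::IniFiles entry below shows a second channel, Perl's 2-arg `open()`, where a name beginning with `|` or `>` changes the open mode rather than the location, which a containment check alone would not stop.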

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 4 of 13
  • CVE-2026-27825 · Critical · Mar 10, 2026
    risk 0.52 · cvss 9.0 · epss 0.02

    MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An…

  • CVE-2026-20931 · High · Jan 13, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.

  • CVE-2025-4603 · Critical · May 24, 2025
    risk 0.52 · cvss 9.1 · epss 0.01

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to…

  • CVE-2025-2004 · Critical · Apr 8, 2025
    risk 0.52 · cvss 9.1 · epss 0.01

    The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary…

  • CVE-2024-11042 · Critical · Mar 20, 2025
    risk 0.52 · cvss 9.1 · epss 0.01

    In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH…

  • CVE-2026-30905 · High · May 13, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

  • CVE-2026-41088 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32204 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

  • CVE-2026-5054 · High · Apr 11, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2024-4230 · High · Dec 19, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in…

  • CVE-2026-23529 · High · Jan 16, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud…

  • CVE-2025-62382 · High · Oct 15, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied…

  • CVE-2025-58158 · High · Aug 29, 2025
    risk 0.50 · cvss 8.8 · epss 0.00

    Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git…

  • CVE-2025-3033 · High · Apr 1, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

  • CVE-2024-6467 · High · Jul 17, 2024
    risk 0.50 · cvss 8.8 · epss 0.01

    The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function.…

  • CVE-2024-39904 · High · Jul 11, 2024
    risk 0.50 · cvss 8.8 · epss 0.01

    VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,…

  • CVE-2026-11527 · High · Jun 14, 2026
    risk 0.49 · cvss 8.6 · epss 0.01

    Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or…

  • CVE-2026-47358 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced…

  • CVE-2026-47357 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an…

  • CVE-2026-29962 · High · May 18, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate…