CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26361 | Dell Unisphere for PowerMax security vulnerability — Unisphere for PowerMax | 6.5 | Medium | 2026-02-19 |
| CVE-2026-1669 | Arbitrary File Read in Keras via HDF5 External Datasets — Keras | 7.5 (AI) | High (AI) | 2026-02-11 |
| CVE-2026-26158 | Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries — Red Hat Enterprise Linux 6 | 7.0 | High | 2026-02-11 |
| CVE-2026-26157 | Busybox: busybox: arbitrary file overwrite and potential code execution via incomplete path sanitization — Red Hat Enterprise Linux 6 | 7.0 | High | 2026-02-11 |
| CVE-2026-21249 | Windows NTLM Spoofing Vulnerability — Windows 10 Version 1607 | 3.3 | Low | 2026-02-10 |
| CVE-2026-25628 | Qdrant affected by arbitrary file write via `/logger` endpoint — qdrant | 8.6 | High | 2026-02-06 |
| CVE-2020-37078 | i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion — i-doit Open Source CMDB | 8.8 | High | 2026-02-03 |
| CVE-2020-37080 | webTareas 2.0.p8 - Arbitrary File Deletion — webTareas | 9.8 | Critical | 2026-02-03 |
| CVE-2024-5986 | Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3 — h2oai/h2o-3 | 9.8 (AI) | Critical (AI) | 2026-02-02 |
| CVE-2026-23835 | LobeHub Vulnerable to Improper Authorization in Presigned Upload — lobe-chat | 6.5 (AI) | Medium (AI) | 2026-01-30 |
| CVE-2021-47871 | Hestia Control Panel 1.3.2 - Arbitrary File Write — Hestia Control Panel | 8.8 | High | 2026-01-21 |
| CVE-2021-47746 | NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write — NodeBB Plugin Emoji | 7.5 | High | 2026-01-21 |
| CVE-2025-53912 | MedDream PACS Premium security vulnerability — MedDream PACS Premium | 9.6 | Critical | 2026-01-20 |
| CVE-2026-23529 | Arbitrary File Read in Google BigQuery Sink connector — bigquery-connector-for-apache-kafka | 7.7 | High | 2026-01-16 |
| CVE-2026-20931 | Windows Telephony Service Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 8.0 | High | 2026-01-13 |
| CVE-2026-20872 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1607 | 6.5 | Medium | 2026-01-13 |
| CVE-2026-20925 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1607 | 6.5 | Medium | 2026-01-13 |
| CVE-2025-66003 | Local users can perform a local root exploit via smb4k mounthelper — smb4k | 7.8 | - | 2026-01-08 |
| CVE-2025-14059 | EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal — EmailKit – Email Customizer for WooCommerce & WP | 6.5 | Medium | 2026-01-07 |
| CVE-2025-62842 | HBS 3 Hybrid Backup Sync — HBS 3 Hybrid Backup Sync | 7.3 | - | 2026-01-02 |
| CVE-2025-12654 | Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation — WPvivid — Backup, Migration & Staging | 2.7 | Low | 2025-12-21 |
| CVE-2025-68478 | Langflow Vulnerable to External Control of File Name or Path — langflow | 7.1 | High | 2025-12-19 |
| CVE-2025-13320 | WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter — WP User Manager – User Profile Builder & Membership | 6.8 | Medium | 2025-12-12 |
| CVE-2025-67461 | Zoom Rooms for macOS - External Control of File Name or Path — Zoom Rooms | 5.0 | Medium | 2025-12-10 |
| CVE-2020-36878 | ReQuest Serious Play F3 Media Player <= 3.0.0 Directory Traversal File Disclosure — ReQuest Serious Play Media Player | 7.5 | - | 2025-12-05 |
| CVE-2025-12529 | Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion — Cost Calculator Builder | 8.8 | High | 2025-12-02 |
| CVE-2021-4472 | Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature — Red Hat OpenStack Platform 13 (Queens) | 6.5 | Medium | 2025-11-26 |
| CVE-2025-66257 | Unauthenticated Arbitrary File Deletion (patch_contents.php) — Mozart FM Transmitter | 6.5 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-66254 | Unauthenticated Arbitrary File Deletion (upgrade_contents.php) — Mozart FM Transmitter | 8.1 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-13380 | AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read — AI Engine for WordPress: ChatGPT, GPT Content Generator | 6.5 | Medium | 2025-11-25 |

Vulnerabilities classified as CWE-73 (External Control of File Name or Path) represent 311 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.