CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-30201 | Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities — wazuh | 7.7 | High | 2025-11-21 |
| CVE-2025-11973 | 简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read — 简数采集器 | 4.9 | Medium | 2025-11-21 |
| CVE-2025-13322 | WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter — WP AUDIO GALLERY | 8.1 | High | 2025-11-21 |
| CVE-2025-64739 | Zoom Clients - External Control of File Name or Path — Zoom Clients | 4.3 | Medium | 2025-11-13 |
| CVE-2025-64738 | Zoom Workplace for macOS - External Control of File Name or Path — Zoom Workplace for macOS | 5.0 | Medium | 2025-11-13 |
| CVE-2022-4983 | TEC-IT TBarCode SDK 11.15 Remote File Create — TEC-IT TBarCode | 9.0 | - | 2025-11-12 |
| CVE-2025-59511 | Windows WLAN Service Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-11-11 |
| CVE-2025-8998 | AXIS OS security vulnerability — AXIS OS | 3.1 | Low | 2025-11-11 |
| CVE-2025-11451 | Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read — Auto Amazon Links – Amazon Associates Affiliate Plugin | 7.5 | High | 2025-11-11 |
| CVE-2025-12915 | 70mai X200 Init Script file inclusion — X200 | 6.4 | Medium | 2025-11-08 |
| CVE-2025-64486 | calibre is vulnerable to arbitrary code execution when opening FB2 files — calibre | 7.8 | - | 2025-11-07 |
| CVE-2025-12137 | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read — Import WP – Export and Import CSV and XML files to WordPress | 4.9 | Medium | 2025-11-01 |
| CVE-2020-36868 | Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script — XI | 7.8 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-62611 | aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server — aiomysql | 7.5 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-8050 | External Control of File vulnerability has been discovered in opentext Flipper. — Flipper | 6.5 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-8048 | External Control of File path vulnerability has been discovered on Openext Flipper. — Flipper | 6.5 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-11738 | Media Library Assistant <= 3.29 - Unauthenticated Limited File Read — Media Library Assistant | 5.3 | Medium | 2025-10-18 |
| CVE-2025-62382 | Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter — frigate | 7.7 | High | 2025-10-15 |
| CVE-2025-59483 | BIG-IP Configuration utility and tmsh vulnerability — BIG-IP | 6.5 | Medium | 2025-10-15 |
| CVE-2025-59244 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-10-14 |
| CVE-2025-59292 | Azure Compute Gallery Elevation of Privilege Vulnerability — Azure Compute Gallery | 8.2 | High | 2025-10-14 |
| CVE-2025-59291 | Confidential Azure Container Instances Elevation of Privilege Vulnerability — Azure Compute Gallery | 8.2 | High | 2025-10-14 |
| CVE-2025-59185 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-10-14 |
| CVE-2025-10494 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion — Motors – Car Dealership & Classified Listings Plugin | 8.1 | High | 2025-10-08 |
| CVE-2025-10306 | Backup Bolt <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download — Backup Bolt | 3.8 | Low | 2025-10-03 |
| CVE-2025-6237 | Path Traversal and Arbitrary File Deletion in invoke-ai/invokeai — invoke-ai/invokeai | 9.8 (AI) | Critical (AI) | 2025-09-18 |
| CVE-2025-10058 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | 8.1 | High | 2025-09-17 |
| CVE-2025-8422 | Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read — Propovoice: All-in-One Client Management System | 7.5 | High | 2025-09-11 |
| CVE-2025-59049 | Mockoon has a Path Traversal and LFI in the static file serving endpoint — mockoon | 7.5 | High | 2025-09-10 |
| CVE-2025-58762 | Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent — Tautulli | 9.1 | Critical | 2025-09-09 |

Vulnerabilities classified as CWE-73 (External Control of File Name or Path) represent 311 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.