CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55316 | Azure Connected Machine Agent Elevation of Privilege Vulnerability — Azure Connected Machine Agent | 7.8 | High | 2025-09-09 |
| CVE-2025-10134 | Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion — Goza - Nonprofit Charity WordPress Theme | 9.1 | Critical | 2025-09-09 |
| CVE-2025-9920 | Campcodes Recruitment Management System index.php include file inclusion — Recruitment Management System | 4.7 | Medium | 2025-09-03 |
| CVE-2025-54945 | SUNNET Corporate Training Management System - External Control of File Name or Path — Corporate Training Management System | 9.8 | - | 2025-08-30 |
| CVE-2024-13984 | Qi'anxin TianQing Management Center rptsvr Arbitrary File Upload — TianQing Management Center | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-9529 | Campcodes Payroll Management System index.php include file inclusion — Payroll Management System | 7.3 | High | 2025-08-27 |
| CVE-2025-9048 | Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion — Wptobe-memberships | 8.1 | High | 2025-08-23 |
| CVE-2025-53363 | Dpanel has an arbitrary file read vulnerability — dpanel | 6.5 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2025-55746 | Directus allows unauthenticated file upload and file modification due to lacking input sanitization — directus | 9.3 | Critical | 2025-08-20 |
| CVE-2025-20269 | Cisco Evolved Programmable Network Manager and Prime Infrastructure Arbitrary File Download Vulnerability — Cisco Evolved Programmable Network Manager (EPNM) | 6.5 | Medium | 2025-08-20 |
| CVE-2011-10030 | Foxit PDF Reader < 4.3.1.0218 JavaScript File Write — Foxit PDF Reader | 8.8 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-53769 | Windows Security App Spoofing Vulnerability — Windows Security App | 5.5 | Medium | 2025-08-12 |
| CVE-2025-29866 | TAGFREE X‑Free Uploader Security Vulnerability — X-Free Uploader | 9.8 (AI) | Critical (AI) | 2025-08-07 |
| CVE-2025-54780 | glpi-screenshot-plugin exposes local files in /ajax/screenshot.php — glpi-screenshot-plugin | 7.7 | High | 2025-08-05 |
| CVE-2025-5393 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary File Deletion — Alone – Charity Multipurpose Non-profit WordPress Theme | 9.1 | Critical | 2025-07-15 |
| CVE-2025-6691 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion — SureForms – Drag and Drop Form Builder for WordPress | 8.1 | High | 2025-07-09 |
| CVE-2025-49760 | Windows Storage Spoofing Vulnerability — Windows 10 Version 1507 | 3.5 | Low | 2025-07-08 |
| CVE-2025-49588 | Linkwarden Local File Inclusion Vulnerability — linkwarden | 6.5 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 8.8 | High | 2025-07-02 |
| CVE-2025-33117 | IBM QRadar SIEM command execution — QRadar SIEM | 9.1 | Critical | 2025-06-19 |
| CVE-2025-36506 | RICOH Streamline NX V3 PC Client Security Vulnerability — RICOH Streamline NX V3 PC Client | 9.1 (AI) | Critical (AI) | 2025-06-13 |
| CVE-2024-1244 | Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft — OSSEC-HIDS Agent | 7.5 (AI) | High (AI) | 2025-06-11 |
| CVE-2024-1243 | Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft — Wazuh Agent | 9.8 (AI) | Critical (AI) | 2025-06-11 |
| CVE-2025-33053 | Internet Shortcut Files Remote Code Execution Vulnerability — Windows 10 Version 1507 | 8.8 | High | 2025-06-10 |
| CVE-2025-47956 | Windows Security App Spoofing Vulnerability — Windows Security App | 5.5 | Medium | 2025-06-10 |
| CVE-2025-48067 | OctoPrint vulnerable to possible file extraction via upload endpoints — OctoPrint | 5.4 | Medium | 2025-06-10 |
| CVE-2025-48783 | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path — HRD Human Resource Management System | 7.5 (AI) | High (AI) | 2025-06-06 |
| CVE-2025-48781 | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path — HRD Human Resource Management System | 5.3 (AI) | Medium (AI) | 2025-06-06 |
| CVE-2025-32802 | Insecure handling of file paths allows multiple local attacks — Kea | 6.1 | Medium | 2025-05-28 |
| CVE-2025-4603 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion — eMagicOne Store Manager for WooCommerce | 9.1 | Critical | 2025-05-24 |

311 CVEs are classified as CWE-73 (External Control of File Name or Path). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.