CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-4602 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read — eMagicOne Store Manager for WooCommerce | 5.9 | Medium | 2025-05-24 |
| CVE-2024-51553 | Predictable Filename — ASPECT-Enterprise | 6.5 | Medium | 2025-05-22 |
| CVE-2025-2409 | Admin Authorized System File corruption — ASPECT-Enterprise | 9.1 | Critical | 2025-05-22 |
| CVE-2025-3812 | WPBot Pro Wordpress Chatbot <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion — WPBot Pro Wordpress Chatbot | 8.1 | High | 2025-05-17 |
| CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability — .NET 8.0 | 8.0 | High | 2025-05-13 |
| CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability — Microsoft Defender for Endpoint for Linux | 6.7 | Medium | 2025-05-13 |
| CVE-2025-3419 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | 7.5 | High | 2025-05-08 |
| CVE-2025-46762 | Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata — Apache Parquet Java | 9.8 AI | Critical AI | 2025-05-06 |
| CVE-2025-1056 | AXIS Camera Station Pro security vulnerability — AXIS Camera Station Pro | 6.1 | Medium | 2025-04-23 |
| CVE-2025-3103 | CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read — CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon | 7.5 | High | 2025-04-19 |
| CVE-2025-0124 | PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface — Cloud NGFW | 7.1 AI | High AI | 2025-04-11 |
| CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability — Windows Admin Center | 6.2 | Medium | 2025-04-08 |
| CVE-2025-3431 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download — ZoomSounds - WordPress Wave Audio Player with Playlist | 7.5 | High | 2025-04-08 |
| CVE-2025-2004 | Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion — Simple WP Events | 9.1 | Critical | 2025-04-08 |
| CVE-2025-2982 | Legrand SMS PowerView file inclusion — SMS PowerView | 6.3 | Medium | 2025-03-31 |
| CVE-2025-1911 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function — Product Import Export for WooCommerce – Import Export Product CSV Suite | 2.7 | Low | 2025-03-26 |
| CVE-2024-10210 | Path traversal in APROL Web Portal — APROL | 6.5 AI | Medium AI | 2025-03-25 |
| CVE-2025-1972 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function — Export and Import Users and Customers | 2.7 | Low | 2025-03-22 |
| CVE-2024-13922 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function — Order Export & Order Import for WooCommerce | 2.7 | Low | 2025-03-20 |
| CVE-2024-10834 | Arbitrary File Write in eosphoros-ai/db-gpt — eosphoros-ai/db-gpt | 9.1 | - | 2025-03-20 |
| CVE-2024-6829 | Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim — aimhubio/aim | 6.5 | - | 2025-03-20 |
| CVE-2024-8616 | Arbitrary File Overwrite in h2oai/h2o-3 — h2oai/h2o-3 | 8.6 | - | 2025-03-20 |
| CVE-2024-11042 | Arbitrary File Delete in invoke-ai/invokeai — invoke-ai/invokeai | 9.1 | - | 2025-03-20 |
| CVE-2025-0452 | Arbitrary File Deletion in eosphoros-ai/DB-GPT — eosphoros-ai/db-gpt | 9.1 | - | 2025-03-20 |
| CVE-2025-29930 | imFAQ allows local file inclusion in seo.php — imfaq | 6.5 | - | 2025-03-18 |
| CVE-2023-45588 | Fortinet FortiClientMAC security vulnerability — FortiClientMac | 7.8 | High | 2025-03-14 |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-03-11 |
| CVE-2025-24996 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-03-11 |
| CVE-2024-12036 | CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read — CS Framework | 7.5 | High | 2025-03-07 |
| CVE-2024-51961 | Local file inclusion (LFI) vulnerability in ArcGIS Server — ArcGIS Server | 7.5 | High | 2025-03-03 |

311 CVEs are classified as CWE-73 (External Control of File Name or Path). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.