CWE-73 (External Control of File Name or Path) — Vulnerability Class 311

311 vulnerabilities classified as CWE-73 (External Control of File Name or Path). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1730 | Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read — Simple Download Counter | 6.5 | Medium | 2025-03-01 |
| CVE-2025-1686 | Pebble security vulnerability — io.pebbletemplates:pebble | 6.8 | Medium | 2025-02-27 |
| CVE-2025-27137 | Dependency-Track vulnerable to local file inclusion via custom notification templates — dependency-track | 4.4 | Medium | 2025-02-24 |
| CVE-2024-22341 | IBM Watson Query on Cloud Pak for Data information disclosure — Watson Query on Cloud Pak for Data | 5.3 | Medium | 2025-02-22 |
| CVE-2024-47265 | Synology Active Backup for Business path traversal vulnerability — Active Backup for Business | 6.5 | Medium | 2025-02-13 |
| CVE-2025-0111 | PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface — Cloud NGFW | 6.5 | - | 2025-02-12 |
| CVE-2025-0109 | PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface — Cloud NGFW | 9.1 | - | 2025-02-12 |
| CVE-2025-21377 | NTLM Hash Disclosure Spoofing Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-02-11 |
| CVE-2024-12058 | Ivanti Connect Secure and Ivanti Policy Secure security vulnerability — Connect Secure | 6.8 | Medium | 2025-02-11 |
| CVE-2025-0630 | Western Telematic Inc NPS Series, DSM Series, CPM Series External Control of File Name or Path — Network Power Switch (NPS Series) | 6.5 | Medium | 2025-02-04 |
| CVE-2024-12267 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion — Drag and Drop Multiple File Upload for Contact Form 7 | 5.3 | Medium | 2025-01-31 |
| CVE-2024-12861 | W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read — W2S – Migrate WooCommerce to Shopify | 6.5 | Medium | 2025-01-30 |
| CVE-2025-0105 | Expedition: Arbitrary File Deletion Vulnerability — Cloud NGFW | 10.0 | - | 2025-01-11 |
| CVE-2025-0211 | Campcodes School Faculty Scheduling System index.php file inclusion — School Faculty Scheduling System | 6.3 | Medium | 2025-01-04 |
| CVE-2025-0202 | TCS BaNCS REPORTS_SHOW_FILE.jsp file inclusion — BaNCS | 5.5 | Medium | 2025-01-04 |
| CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 4.9 | Medium | 2024-12-21 |
| CVE-2024-12066 | SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion — SMSA Shipping (official) | 8.8 | High | 2024-12-21 |
| CVE-2024-4230 | Edgecross Basic Software security vulnerability — Edgecross Basic Software for Windows | 7.8 | High | 2024-12-19 |
| CVE-2024-11838 | Local File Inclusion — PlexTrac | 9.8 | - | 2024-12-13 |
| CVE-2024-12357 | SourceCodester Best House Rental Management System index.php file inclusion — Best House Rental Management System | 4.3 | Medium | 2024-12-09 |
| CVE-2024-10492 | Keycloak-quarkus-server: keycloak path trasversal | 4.9 | - | 2024-11-25 |
| CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability — Windows Server 2025 | 6.5 | Medium | 2024-11-12 |
| CVE-2024-10672 | Multiple Page Generator Plugin – MPG <= 4.0.2 - Authenticated (Editor+) Directory Traversal to Limited File Deletion — Multiple Page Generator Plugin – MPG | 2.7 | Low | 2024-11-12 |
| CVE-2023-5816 | Code Explorer <= 1.4.5 - Authenticated (Admin+) External File Reading — Code Explorer | 4.9 | Medium | 2024-10-30 |
| CVE-2024-5823 | File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt — gaizhenbiao/chuanhuchatgpt | 9.1 (AI) | Critical (AI) | 2024-10-29 |
| CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability — Windows Server 2022, 23H2 Edition (Server Core installation) | 7.5 | High | 2024-10-08 |
| CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.1 | High | 2024-10-08 |
| CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.1 | High | 2024-10-08 |
| CVE-2024-38040 | BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability — Portal for ArcGIS | 7.5 | High | 2024-10-04 |
| CVE-2024-9275 | jeanmarc77 123solar admin_invt2.php file inclusion — 123solar | 6.3 | Medium | 2024-09-27 |

Vulnerabilities classified as CWE-73 (External Control of File Name or Path) represent 311 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.