CWE-641 · Improper Restriction of Names for Files and Other Resources
13 CVEs classified under CWE-641 (Improper Restriction of Names for Files and Other Resources). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-25177 | High | 8.8 | 2026-03-10 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a netw… |
CVE-2022-36302 | High | 8.8 | 2022-08-01 | File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, w… |
CVE-2021-41146 | High | 8.8 | 2021-10-21 | qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a… |
CVE-2025-47953 | High | 8.4 | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-47173 | High | 7.8 | 2025-06-10 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-21402 | High | 7.8 | 2025-01-14 | Microsoft Office OneNote Remote Code Execution Vulnerability |
CVE-2025-21361 | High | 7.8 | 2025-01-14 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2023-0046 | High | 7.2 | 2023-01-04 | Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. |
CVE-2024-30063 | Medium | 6.7 | 2024-06-11 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
CVE-2024-47260 | Medium | 6.5 | 2025-03-04 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading… |
CVE-2022-23536 | Medium | 6.5 | 2022-12-19 | Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where… |
CVE-2019-25623 | Medium | 6.2 | 2026-03-23 | Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the… |
CVE-2024-45312 | Medium | 5.3 | 2024-09-02 | Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vu… |