21013 matches found
PT-2025-36397
Name of the Vulnerable Software and Affected Versions internetarchive versions 5.5.0 and below Description The internetarchive library contains a directory traversal vulnerability in the File.download method. The method does not properly sanitize user-supplied filenames or validate the final...
CVE-2025-25048
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...
CVE-2025-25048
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...
CVE-2025-25048
CVE-2025-25048 affects IBM Engineering Lifecycle Management - Jazz Foundation (versions 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002). The issue is a Relative Path Traversal caused by improper neutralization of sequences that can resolve to a restricte...
CVE-2025-25048 IBM Jazz Foundation path traversal
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...
CVE-2025-25048 IBM Jazz Foundation path traversal
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the base64 path after /download/ endpoint. An attacker can access arbitrary files outside the intended document root by providing a crafted base64-encoded path after the download endpoint, bypassing security...
Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
...
Improper Neutralization
Active Record is vulnerable to Improper Neutralization. The vulnerability is due to unescaped ANSI sequences being logged when IDs are passed to find or similar methods...
Directory Traversal
Overview kwik is a Fast, batteries-included, business-oriented, opinionated REST APIs framework Affected versions of this package are vulnerable to Directory Traversal via the kwik.utils.files.storefile function due to improper validation of directory containment in the file upload helper, which...
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
...
PT-2025-35945
Name of the Vulnerable Software and Affected Versions IBM Jazz Foundation versions 7.0.2 through 7.0.2 iFix033 IBM Jazz Foundation versions 7.0.3 through 7.0.3 iFix012 IBM Jazz Foundation versions 7.1.0 through 7.1.0 iFix002 Description An authenticated user may be able to upload files to the...
Linux Distros Unpatched Vulnerability : CVE-2017-11671
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4...
ToolShell Unleashed: Decoding the SharePoint Attack Chain
ToolShell Unleashed: Decoding the SharePoint Attack Chain By Akhil Reddy, Aniket Choukde, Aparna Aripirala, Satyajit Daulaguphu and Yadunadh · September 4, 2025 Introduction A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server CVE-2025-49704...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the filepathTemplate parameter in the CreateResource endpoint, when objects are stored locally. An authenticated attacker can write arbitrary files to the server filesystem by submitting a crafted filename...
CVE-2025-58160
A log pollution flaw was found in the tracing-subscriber Rust crate. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens, modify the terminal display, or potential...