1137 matches found
CVE-2026-21991
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names...
CVE-2026-21991
The CVE-2026-21991 issue affects the DTrace component dtprobed, specifically its handling of USDT probes, enabling arbitrary file creation through crafted provider names. Multiple connected advisories confirm dtprobed as the vulnerable element and describe the risk of code execution as a worst-ca...
CVE-2026-21991
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names...
CVE-2026-21991
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names...
CVE-2026-21991
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names...
PT-2026-25827
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names...
Oracle Linux 安全漏洞
Oracle Linux is an open and complete operating environment provided by Oracle Corporation in the United States. It offers virtualization, management, and cloud-native computing tools, as well as an operating system. There is a security vulnerability in Oracle Linux, which can be exploited through...
CVE-2025-41757
A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...
CVE-2025-41757 Arbitrary Write with ubr-restore
A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...
Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...
📄 Qualys Security Advisory - Exim 21Nails Advisory
Qualys audited central parts of the Exim mail server and discovered 21 vulnerabilities, with 11 being local vulnerabilities and 10 being remote vulnerabilities. This is older research from 2021 that was missing from the archive. Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim...
CVE-2026-25510 CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution RCE by leveraging the file creation and sav...
CVE-2026-25510 CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution RCE by leveraging the file creation and sav...
CVE-2026-25510 CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution RCE by leveraging the file creation and sav...
CVE-2026-25510
CVE-2026-25510 affects CI4MS, a CodeIgniter 4–based CMS skeleton. The vulnerability exists in the /backend/fileeditor/createFile and /backend/fileeditor/save endpoints, where an authenticated user with file editor permissions can upload and save files (including PHP) and execute arbitrary code on...
CVE-2025-13348
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...
GHSA-GP56-F67F-M4PX CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...
GHSA-M7J5-R2P5-C39R picklescan vulnerable to arbitrary file create using logging.FileHandler
Summary Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...
picklescan vulnerable to arbitrary file create using logging.FileHandler
Summary Unsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary...