Lucene search
K

1137 matches found

Vulnrichment
Vulnrichment
added 2026/02/02 2:0 a.m.4 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS5.7AI score0.00104EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 2:0 a.m.4 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS6AI score0.00104EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 2:0 a.m.28 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/02 2:0 a.m.7 views

EUVD-2025-206616

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

8.5CVSS5.7AI score0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.12 views

ASUS Business Manager 安全漏洞

ASUS Business Manager is a management tool suite provided by ASUS China. There is a security vulnerability in ASUS Business Manager, which stems from improper access control in the ASUS Secure Delete Driver. This vulnerability could allow local users to create arbitrary files at specified paths b...

8.5CVSS5.9AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/30 8:4 p.m.6 views

CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

7.2CVSS5.9AI score0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 8:4 p.m.7 views

CVE-2026-23835

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

7.2CVSS5.9AI score0.0033EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/28 12:20 a.m.6 views

CVE-2026-24842 node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path...

8.2CVSS6AI score0.00541EPSS
Exploits1References13
Vulnrichment
Vulnrichment
added 2026/01/28 12:20 a.m.6 views

CVE-2026-24842 node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path...

8.2CVSS6AI score0.00541EPSS
Exploits1References2
CVE
CVE
added 2026/01/28 12:20 a.m.112 views

CVE-2026-24842

CVE-2026-24842 concerns node-tar (Tar for Node.js). It affects versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch enables an attacker to craft a malicious TAR that bypasses path-trav...

8.2CVSS6AI score0.00541EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2026/01/26 9:53 p.m.19 views

CVE-2026-23890

CVE-2026-23890 affects pnpm, a package manager. A path traversal vulnerability exists in pnpm’s bin linking prior to version 10.28.1, where bin names starting with @ bypass validation and, after scope normalization, path traversal sequences like ../../ remain intact. This enables a malicious npm ...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : nodejs:14 (AXSA:2022-3040:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3040:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788...

9.8CVSS7.3AI score0.04456EPSS
Exploits6References10
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : wget-1.12-1.11.AXS4 (AXSA:2014-010:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-010:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are...

6.8CVSS7.2AI score0.04214EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.10 views

CVE-2023-25305

PolyMC Launcher = 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory...

7.1CVSS6.9AI score0.00559EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.9 views

CVE-2023-40194

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...

8.8CVSS7.6AI score0.02001EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.9 views

CVE-2020-7869

An improper input validation vulnerability of ZOOK software remote administration tool could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tig...

9CVSS7.4AI score0.01607EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.24 views

CVE-1999-0051

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX...

7.2CVSS7AI score0.01296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.7 views

CVE-2025-13698

Deciso OPNsense diagbackup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...

4.5CVSS4.8AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 10:15 p.m.14 views

CVE-2025-12838

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.3CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 9:40 p.m.16 views

CVE-2025-13698

Deciso OPNsense diag_backup.php is affected by a directory traversal vulnerability in the backup handling path validation. Authenticated, network-adjacent attackers can create arbitrary files (in root context) by supplying a crafted path. The issue is tied to lack of proper validation in backup c...

4.5CVSS4.7AI score0.00461EPSS
Exploits0References2
Rows per page
Query Builder