1137 matches found
CVE-2025-13348
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...
CVE-2025-13348
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...
CVE-2025-13348
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...
EUVD-2025-206616
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...
ASUS Business Manager 安全漏洞
ASUS Business Manager is a management tool suite provided by ASUS China. There is a security vulnerability in ASUS Business Manager, which stems from improper access control in the ASUS Secure Delete Driver. This vulnerability could allow local users to create arbitrary files at specified paths b...
CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload
LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...
CVE-2026-23835
LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...
CVE-2026-24842 node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path...
CVE-2026-24842 node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path...
CVE-2026-24842
CVE-2026-24842 concerns node-tar (Tar for Node.js). It affects versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch enables an attacker to craft a malicious TAR that bypasses path-trav...
CVE-2026-23890
CVE-2026-23890 affects pnpm, a package manager. A path traversal vulnerability exists in pnpm’s bin linking prior to version 10.28.1, where bin names starting with @ bypass validation and, after scope normalization, path traversal sequences like ../../ remain intact. This enables a malicious npm ...
MiracleLinux 8 : nodejs:14 (AXSA:2022-3040:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3040:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788...
MiracleLinux 4 : wget-1.12-1.11.AXS4 (AXSA:2014-010:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-010:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are...
CVE-2023-25305
PolyMC Launcher = 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory...
CVE-2023-40194
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...
CVE-2020-7869
An improper input validation vulnerability of ZOOK software remote administration tool could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tig...
CVE-1999-0051
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX...
CVE-2025-13698
Deciso OPNsense diagbackup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific fl...
CVE-2025-12838
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2025-13698
Deciso OPNsense diag_backup.php is affected by a directory traversal vulnerability in the backup handling path validation. Authenticated, network-adjacent attackers can create arbitrary files (in root context) by supplying a crafted path. The issue is tied to lack of proper validation in backup c...