1630 matches found

Tenable Nessus
added 2025/08/21 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16777

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritte...

7.7 CVSS · 6.9 AI score · 0.00592 EPSS
Exploits 0 · References 2
OSV
added 2025/08/18 9:1 p.m. · 1 views

GHSA-P7Q8-GRRJ-3M8W Copier's safe template has filesystem write access outside destination path

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9 CVSS · 5.9 AI score · 0.00068 EPSS
Exploits 0 · References 4
Github Security Blog
added 2025/08/18 9:1 p.m. · 4 views

Copier's safe template has filesystem write access outside destination path

Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write files outside the destination path...

6.9 CVSS · 7.2 AI score · 0.00068 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/08/18 5:15 p.m. · 3 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9 CVSS · 0.00068 EPSS
Exploits 0 · References 2
NVD
added 2025/08/13 9:15 a.m. · 2 views

CVE-2025-55345

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

8.8 CVSS · 0.01457 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/13 12:0 a.m. · 3 views

PT-2025-32971 · Codex Cli · Codex Cli

Name of the Vulnerable Software and Affected Versions: Codex CLI affected versions not specified Description: Using Codex CLI in workspace-write mode within a malicious context repository, directory, etc. may lead to arbitrary file overwrite and potentially remote code execution. This occurs...

8.8 CVSS · 7.9 AI score · 0.01457 EPSS
Exploits 0 · References 8
GithubExploit
added 2025/08/11 8:47 a.m. · 266 views

Exploit for Link Following in 7-Zip

CVE-2025-55188-7z-exploit --- 7-Zip Symlink Arbitrary File...

3.6 CVSS · 8 AI score · 0.00157 EPSS
Exploits 2
BDU FSTEC
added 2025/08/04 12:0 a.m. · 2 views

The vulnerability in the Git GUI graphical user interface relates to the insertion or modification of arguments, allowing attackers to create or overwrite arbitrary files.

The vulnerability of the Git GUI graphical user interface is related to the implementation or modification of arguments. Exploiting this vulnerability allows an attacker to create or overwrite arbitrary files...

8.5 CVSS · 7.4 AI score · 0.00029 EPSS
Exploits 0 · References 10 · Affected Software 5
AlpineLinux
added 2025/08/02 12:15 a.m. · 4 views

CVE-2025-54386

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

9.8 CVSS · 8.3 AI score · 0.03359 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/08/01 11:32 p.m. · 2 views

CVE-2025-54386 Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

7.3 CVSS · 8.2 AI score · 0.03359 EPSS
Exploits 0 · References 6
Github Security Blog
added 2025/08/01 6:8 p.m. · 8 views

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Summary A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...

9.8 CVSS · 7.9 AI score · 0.03359 EPSS
Exploits 0 · References 8 · Affected Software 2
OSV
added 2025/08/01 6:8 p.m. · 3 views

GHSA-Q6GG-9F92-R9WG Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Summary A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...

7.3 CVSS · 7.8 AI score · 0.03359 EPSS
Exploits 0 · References 8
OSV
added 2025/07/31 8:15 a.m. · 1 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

6.5 CVSS · 5.7 AI score · 0.00202 EPSS
Exploits 0 · References 2
NVD
added 2025/07/31 8:15 a.m. · 7 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

6.5 CVSS · 0.00202 EPSS
Exploits 0 · References 2
CVE
added 2025/07/31 7:24 a.m. · 16 views

CVE-2025-41396

PowerCMS (Alfasado PowerCMS) is affected by CVE-2025-41396 due to a path traversal vulnerability in the file-upload feature. The root cause allows a product user to overwrite arbitrary files on the system. Affected versions are multiple PowerCMS releases; impact is arbitrary file overwrite, with ...

6.5 CVSS · 6.6 AI score · 0.00202 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/07/31 12:0 a.m. · 2 views

Alfasado PowerCMS Path Traversal Vulnerability

Alfasado PowerCMS is a content management system (CMS) from Alfasado, Japan. A path traversal vulnerability exists in Alfasado PowerCMS, which stems from a path traversal in the file upload function that could lead to overwriting arbitrary files...

6.5 CVSS · 7.1 AI score · 0.00202 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/07/31 12:0 a.m. · 3 views

NUUO NVRmini2 <= 3.11.x Unrestricted Upload RCE

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under...

10 CVSS · 7.4 AI score · 0.53877 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2025/07/30 12:0 a.m. · 2 views

RockyLinux 8 : socat (RLSA-2025:11042)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:11042 advisory. socat: arbitrary file overwrite via predictable /tmp directory (CVE-2024-54661). Tenable has extracted the preceding description block directly from the RockyLinux...

9.8 CVSS · 7.1 AI score · 0.00169 EPSS
Exploits 0 · References 3
OSV
added 2025/07/29 1:38 p.m. · 3 views

RLSA-2025:11042 Moderate: socat security update

The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory (CVE-2024-54661) F...

5.3 CVSS · 7.3 AI score · 0.00169 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/07/24 12:23 a.m. · 4 views

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...

5 CVSS · 6.9 AI score · 0.00141 EPSS
Exploits 1 · References 1