Lucene search

5154 matches found

Vulnrichment
added 2026/03/10 6:53 p.m. | 6 views

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the confluence_download_attachment MCP tool accepts a download_path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

CVSS 9 | AI score 6.3 | EPSS 0.0226
Exploits: 1 | References: 2

CVE
added 2026/03/10 6:53 p.m. | 20 views

CVE-2026-27825

The CVE-2026-27825 entry describes an arbitrary file write in MCP Atlassian’s MCP server for Confluence/Jira. Before version 0.17.0, the confluence_download_attachment tool accepts a download_path without directory boundary enforcement, allowing an attacker who can call the tool and provide a Con...

CVSS 9 | AI score 6.3 | EPSS 0.0226
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/03/10 2:8 p.m. | 4 views

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 1

Snyk
added 2026/03/10 12:8 p.m. | 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the extractZipArchive function when downloading and extracting Node.js archives. An attacker can create or modify files outside the intended extraction directory by intercepting or controlling the Node.js downloa...

CVSS 6.8 | AI score 6.3 | EPSS 0.00342
Exploits: 0 | References: 2

Snyk
added 2026/03/10 12:8 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the extractZipArchive function when downloading and extracting Node.js archives. An attacker can create or modify files outside the intended extraction directory by intercepting or controlling the Node.js downloa...

CVSS 6.8 | AI score 6.3 | EPSS 0.00342
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24642

Summary The confluence download attachment MCP tool accepts a download path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the...

CVSS 9 | AI score 6.3
Exploits: 0 | References: 4

Packet Storm
added 2026/03/10 12:0 a.m. | 155 views

usbmuxd 1.1.1-1 Path Traversal / Arbitrary File Write

A path traversal vulnerability exists in usbmuxd, a system daemon responsible for multiplexing USB connections to mobile devices. Due to insufficient validation and sanitization of file path inputs processed through its message-handling interface, a local attacker with access to the usbmuxd UNIX...

CVSS 5.7 | AI score 5.9 | EPSS 0.00132
Exploits: 1

Positive Technologies
added 2026/03/10 12:0 a.m. | 6 views

PT-2026-24467

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.2 Description OliveTin provides access to predefined shell commands through a web interface. When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename for these logs ...

CVSS 9.9 | AI score 6 | EPSS 0.22162
Exploits: 68 | References: 138

EUVD
added 2026/03/09 9:30 a.m. | 5 views

EUVD-2025-208362

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 2

EUVD
added 2026/03/09 9:30 a.m. | 2 views

EUVD-2025-208359

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVSS 8.1 | AI score 5.9 | EPSS 0.00326
Exploits: 0 | References: 2

EUVD
added 2026/03/09 9:30 a.m. | 5 views

EUVD-2025-208363

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 2

OSV
added 2026/03/09 9:15 a.m. | 1 views

CVE-2025-41757

A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...

CVSS 8.8 | AI score 6 | EPSS 0.00542
Exploits: 0 | References: 1

OSV
added 2026/03/09 9:15 a.m. | 3 views

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 1

NVD
added 2026/03/09 9:15 a.m. | 4 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVSS 8.1 | EPSS 0.00326
Exploits: 0 | References: 1

OSV
added 2026/03/09 9:15 a.m. | 4 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

CVSS 8.1 | AI score 6 | EPSS 0.00326
Exploits: 0 | References: 1

NVD
added 2026/03/09 9:15 a.m. | 5 views

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | EPSS 0.00542
Exploits: 0 | References: 1

Cvelist
added 2026/03/09 8:16 a.m. | 29 views

CVE-2025-41758 Arbitrary Write with wwwupload.cgi

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | EPSS 0.00542
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/09 8:16 a.m. | 4 views

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/09 8:16 a.m. | 4 views

CVE-2025-41758 Arbitrary Write with wwwupload.cgi

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 1

CVE
added 2026/03/09 8:16 a.m. | 6 views

CVE-2025-41757

The CVE-2025-41757 entry concerns the backup restore functionality of UBR (ubr-restore). The vulnerability arises because this component runs with elevated privileges and does not validate the contents of the backup archive, enabling a low-privileged remote attacker to create or overwrite arbitr...

CVSS 8.8 | AI score 5.9 | EPSS 0.00542
Exploits: 0 | References: 1 | Affected Software: 1