5250 matches found

EUVD
added 2025/12/19 12:31 a.m. | 3 views

EUVD-2025-204401

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

CVSS 8.7 | AI score 7.6 | EPSS 0.04964
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/18 9:30 p.m. | 3 views

CVE-2025-34452 Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

CVSS 8.7 | AI score 7.7 | EPSS 0.04964
Exploits: 0 | References: 3

Cvelist
added 2025/12/18 9:30 p.m. | 22 views

CVE-2025-34452 Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

CVSS 8.7 | EPSS 0.04964
Exploits: 0 | References: 3

CVE
added 2025/12/18 9:30 p.m. | 15 views

CVE-2025-34452

The CVE-2025-34452 entry affects Streama versions 1.10.0–1.10.5 and prior to commit b7c8767. It describes a combined path traversal and server-side request forgery (SSRF) in the subtitle download feature where user-controlled parameters form file paths and fetch remote content, enabling an authen...

CVSS 8.7 | AI score 7.7 | EPSS 0.04964
Exploits: 0 | References: 3

RedHat Linux
added 2025/12/18 7:18 p.m. | 4 views

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

CVSS 8.6 | AI score 5.9 | EPSS 0.00707
Exploits: 0 | References: 9

RedHat Linux
added 2025/12/18 1:21 p.m. | 4 views

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

CVSS 8.6 | AI score 5.9 | EPSS 0.00707
Exploits: 0 | References: 9

EUVD
added 2025/12/18 1:19 p.m. | 4 views

EUVD-2025-204258

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

CVSS 8.1 | AI score 6.3 | EPSS 0.00338
Exploits: 0 | References: 2

OSV
added 2025/12/18 12:00 a.m. | 6 views

ALSA-2025:23667 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). For more detai...

CVSS 8.6 | AI score 7 | EPSS 0.00707
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/18 12:00 a.m. | 9 views

PT-2025-52354

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

CVSS 8.7 | AI score 8.1 | EPSS 0.04964
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/17 8:07 a.m. | 6 views

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a backup is restored, potentially creating or...

CVSS 7.2 | AI score 7.1 | EPSS 0.00771
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/17 12:55 a.m. | 7 views

CVE-2025-66449

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8 | AI score 7.6 | EPSS 0.00673
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/16 2:49 p.m. | 6 views

CVE-2025-34181

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7 | AI score 8.1 | EPSS 0.00872
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/16 12:10 a.m. | 2 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8 | AI score 7.2 | EPSS 0.00673
Exploits: 1 | References: 3

EUVD
added 2025/12/16 12:10 a.m. | 4 views

EUVD-2025-203483

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8 | AI score 7.1 | EPSS 0.00673
Exploits: 1 | References: 3

CVE
added 2025/12/16 12:10 a.m. | 11 views

CVE-2025-66449

ConvertX is affected by an arbitrary file write and code execution vulnerability in versions prior to 0.16.0. The issue stems from the /upload endpoint, where the file.name parameter is taken directly from user input without sanitization, enabling an authenticated attacker to overwrite system bin...

CVSS 8.8 | AI score 7.2 | EPSS 0.00673
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/12/16 12:10 a.m. | 28 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8 | EPSS 0.00673
Exploits: 1 | References: 3

OSV
added 2025/12/16 12:10 a.m. | 3 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8 | AI score 7.5 | EPSS 0.00673
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/16 12:00 a.m. | 4 views

PT-2025-51348

Name of the Vulnerable Software and Affected Versions: ConvertX versions prior to 0.16.0. Description: ConvertX is a self-hosted online file converter. The /upload endpoint allows an authenticated user to write arbitrary files on the system, potentially overwriting binaries and enabling code...

CVSS 8.8 | AI score 7.1 | EPSS 0.00673
Exploits: 1 | References: 9

EUVD
added 2025/12/15 3:30 p.m. | 4 views

EUVD-2025-203378

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7 | AI score 7.7 | EPSS 0.00872
Exploits: 0 | References: 5

NVD
added 2025/12/15 3:15 p.m. | 4 views

CVE-2025-34181

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7 | EPSS 0.00872
Exploits: 0 | References: 3