Lucene search

5249 matches found

CVE
added 2025/12/02 6:39 p.m., 34 views

CVE-2025-34352

CVE-2025-34352 affects JumpCloud Remote Assist for Windows prior to v0.317.0. The Windows agent’s uninstaller runs with NT AUTHORITY\SYSTEM privileges and writes/deletes in a user-writable %TEMP% subdirectory without validating trust or ACLs. An attacker who pre-creates the temp directory (with w...

CVSS 8.5, AI score 6.4, EPSS 0.00165
Exploits: 0, References: 3

Cvelist
added 2025/12/02 6:39 p.m., 9 views

CVE-2025-34352 JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on...

CVSS 8.5, EPSS 0.00165
Exploits: 0, References: 3

Vulnrichment
added 2025/12/02 6:39 p.m., 3 views

CVE-2025-34352 JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on...

CVSS 8.5, AI score 6.4, EPSS 0.00165
Exploits: 0, References: 3

SUSE CVE
added 2025/12/02 12:23 a.m., 6 views

SUSE CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3, AI score 7.9, EPSS 0.00496
Exploits: 9, References: 5

Github Security Blog
added 2025/12/01 7:07 p.m., 44 views

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

CVSS 9.8, AI score 8.3, EPSS 0.00496
Exploits: 9, References: 4, Affected software: 1

OSV
added 2025/12/01 7:07 p.m., 4 views

GHSA-768J-98CG-P3FV fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...

CVSS 6.3, AI score 7.6, EPSS 0.00496
Exploits: 9, References: 4

Tenable Nessus
added 2025/12/01 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib...

CVSS 9.8, AI score 7.7, EPSS 0.00496
Exploits: 9, References: 2

Vulnrichment
added 2025/11/29 3:04 a.m., 8 views

CVE-2025-66224 OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS 9.0, AI score 6.6, EPSS 0.00491
Exploits: 1, References: 1

Cvelist
added 2025/11/29 3:04 a.m., 9 views

CVE-2025-66224 OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS 9.0, EPSS 0.00491
Exploits: 1, References: 1
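The two OrangeHRM entries above describe the same bug class: a user-controlled address is placed on the sendmail command line, so a value that smuggles an extra option token is parsed by sendmail as an option rather than as an address. The following is an added example, not OrangeHRM's code and not taken from either advisory; it puts the unsafe string-interpolation pattern next to a hardened builder and uses sendmail's -X option (which writes a traffic log to a file of the caller's choosing) as the illustration of how "send mail" becomes "write a file". The addresses, the web-root path, and the function names are constructed for the example.

```python
"""Sendmail argument injection: the unsafe pattern next to a hardened one.

Added example, not OrangeHRM's code. A hostile sender value that contains
whitespace plus '-X<path>' becomes a separate argv token once a shell
splits the string, and sendmail then treats it as its -X (traffic log)
option. The hardened builder validates both addresses, passes an argument
vector instead of a shell string, and positions each address where it
cannot be parsed as an option.
"""
import re
import shlex

SENDMAIL = "/usr/sbin/sendmail"  # assumed path of the MTA's sendmail binary

# Deliberately narrow mailbox syntax: no whitespace, quotes or shell
# metacharacters, and the local part may not start with '-'.
ADDRESS_RE = re.compile(
    r"^[A-Za-z0-9._%+][A-Za-z0-9._%+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$"
)


def vulnerable_command(sender: str, recipient: str) -> str:
    """Unsafe: interpolates untrusted values into a string a shell will split."""
    return f"{SENDMAIL} -i -f{sender} {recipient}"


def option_tokens(command: str) -> list:
    """Tokens the shell would hand to sendmail that start with '-'.

    Any token here that the application did not add itself is an injected
    option; this is what the MTA sees, not what the developer intended.
    """
    return [tok for tok in shlex.split(command) if tok.startswith("-")]


def hardened_argv(sender: str, recipient: str) -> list:
    """Safe: validated values, no shell, and argument positions that cannot
    be mistaken for options."""
    for label, value in (("sender", sender), ("recipient", recipient)):
        if not ADDRESS_RE.fullmatch(value):
            raise ValueError(f"{label} rejected: {value!r}")
    # '-f' consumes the next argv element as its value whatever it looks
    # like, and '--' ends getopt option parsing, so neither address can
    # ever be interpreted as a flag even if the regex were loosened later.
    return [SENDMAIL, "-i", "-f", sender, "--", recipient]


def check_examples() -> dict:
    """Run both builders on a constructed hostile sender; returns outcomes."""
    hostile = "attacker@example.test -X/var/www/html/shell.php"  # constructed
    victim = "victim@example.test"
    results = {"injected": option_tokens(vulnerable_command(hostile, victim))}
    try:
        hardened_argv(hostile, victim)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True
    results["hardened_argv"] = hardened_argv("alice@example.test", "bob@example.test")
    return results


if __name__ == "__main__":
    for key, value in check_examples().items():
        print(f"{key}: {value}")
```

The regex is a filter, not the defence: the argument vector and the fixed positions are what make a stray option impossible, and the allowlist only keeps obviously malformed input out of the MTA's logs. Run the hardened list with `subprocess.run(argv, input=message_bytes)` rather than anything that takes a shell string.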

Snyk
added 2025/11/29 1:40 a.m., 30 views

XML Injection

Overview: fonttools is a tool to manipulate font files. Affected versions of this package are vulnerable to XML Injection via the main function in the fontTools/varLib/__init__.py file. An attacker can write files to the filesystem by supplying a specially crafted .designspace file. Remediation: Upgrad...

CVSS 9.8, AI score 7.1, EPSS 0.00496
Exploits: 9, References: 2

OSV
added 2025/11/29 1:16 a.m., 26 views

DEBIAN-CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8, AI score 8.4, EPSS 0.00496
Exploits: 9, References: 1

OSV
added 2025/11/29 1:16 a.m., 5 views

UBUNTU-CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8, AI score 7.7, EPSS 0.00496
Exploits: 9, References: 5

Vulnrichment
added 2025/11/29 1:07 a.m., 8 views

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3, AI score 7.6, EPSS 0.00496
Exploits: 9, References: 2

Cvelist
added 2025/11/29 1:07 a.m., 11 views

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3, EPSS 0.00496
Exploits: 9, References: 2

CVE
added 2025/11/29 1:07 a.m., 142 views

CVE-2025-66034

CVE-2025-66034 affects fontTools, a Python font manipulation library. Affected: fontTools.varLib main() path when processing malicious .designspace files; arbitrary file write can lead to remote code execution. Impact: high (per CVSS 3.1, base 9.8) when exploited via the varLib CLI or code invoki...

CVSS 9.8, AI score 7.8, EPSS 0.00496
Exploits: 9, References: 2, Affected software: 1

OSV
added 2025/11/29 1:07 a.m., 28 views

CVE-2025-66034 fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 6.3, AI score 8.0, EPSS 0.00496
Exploits: 9, References: 4

Positive Technologies
added 2025/11/29 12:00 a.m., 4 views

PT-2025-48353

Name of the Vulnerable Software and Affected Versions: fontTools versions 4.33.0 through 4.60.1
Description: fontTools is a Python library used for manipulating fonts. A flaw exists in the fontTools.varLib script, specifically within the main code path, which can lead to arbitrary file write and...

CVSS 9.8, AI score 8.0, EPSS 0.01228
Exploits: 10, References: 30

VulnCheck KEV
added 2025/11/29 12:00 a.m., 6 views

VulnCheck KEV: CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3, AI score 5.9, EPSS 0.02763
Exploited in the wild; Exploits: 1, References: 77

CNNVD
added 2025/11/29 12:00 a.m., 4 views

FontTools security vulnerability

FontTools is an open source library written in Python for manipulating fonts. A security vulnerability exists in FontTools versions 4.33.0 through versions prior to 4.60.2, which stems from an arbitrary file write when processing a malicious .designspace file and could lead to remote cod...

CVSS 9.8, AI score 7.7, EPSS 0.00496
Exploits: 9, References: 3

OSV
added 2025/11/25 6:12 p.m., 4 views

GO-2025-4138 esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh

esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh...

CVSS 9.8, AI score 7.0, EPSS 0.00499
Exploits: 1, References: 3
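Two of the "arbitrary file write" patterns in this result set share one root cause: a path component is taken from attacker-controlled input and used to decide where a privileged or server-side process writes. The fontTools entries (CVE-2025-66034) describe an output path influenced by a malicious .designspace document; the esm.sh entry (GO-2025-4138) describes "tarslip", a tar member name that walks out of the extraction directory. The following is an added example, not code from fontTools, esm.sh or any advisory above, showing the generic containment check that closes both: resolve the candidate path against a fixed base directory and refuse anything whose resolved form is not strictly inside it. The `<output filename="...">` element is an assumed stand-in for whatever attribute a real document format carries, and the archive contents are constructed for the example.

```python
"""Containment check for file paths derived from untrusted input.

Added example, not fontTools or esm.sh code. One helper, contained_path(),
is applied to two inputs the page's advisories describe: an output file
name read from an XML document (the .designspace case; element and
attribute names here are assumptions) and member names in a tar archive
(the tarslip case).
"""
import io
import os
import tarfile
import xml.etree.ElementTree as ET


def contained_path(base_dir: str, untrusted_name: str) -> str:
    """Return the absolute path of untrusted_name under base_dir, or raise.

    Absolute paths and drive letters are rejected up front; traversal is
    caught by comparing the fully resolved candidate with the resolved base,
    not by string-matching '..', so encoded or repeated separators cannot
    slip through. The base itself is not a valid target either.
    """
    base = os.path.realpath(base_dir)
    if os.path.isabs(untrusted_name) or os.path.splitdrive(untrusted_name)[0]:
        raise ValueError(f"absolute path rejected: {untrusted_name!r}")
    candidate = os.path.realpath(os.path.join(base, untrusted_name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base_dir!r}: {untrusted_name!r}")
    return candidate


def output_path_from_xml(xml_text: str, out_dir: str) -> str:
    """Take an output file name from an XML document and confine it to out_dir.

    The value an attacker controls may choose the file name but never the
    directory; the <output filename> element is an assumed stand-in.
    """
    node = ET.fromstring(xml_text).find("output")
    if node is None or "filename" not in node.attrib:
        raise ValueError("no output filename in document")
    return contained_path(out_dir, node.attrib["filename"])


def safe_member_paths(tar_bytes: bytes, dest_dir: str) -> list:
    """Destination paths for an archive's entries, or ValueError on tarslip.

    Symlink and hardlink members are refused outright: their targets can
    point anywhere regardless of how innocent the member name looks.
    """
    paths = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for member in tar.getmembers():
            if member.issym() or member.islnk():
                raise ValueError(f"link member rejected: {member.name!r}")
            if member.isfile() or member.isdir():
                paths.append(contained_path(dest_dir, member.name))
    return paths


def build_tar(entries: dict) -> bytes:
    """Constructed sample archive: {name: content} -> uncompressed tar bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def check_examples() -> dict:
    """Run the checks on constructed inputs; nothing is written to disk."""
    out_dir = os.path.join(os.getcwd(), "out")  # need not exist: checks are path-only
    results = {}

    benign = '<designspace><output filename="Family-VF.ttf"/></designspace>'
    hostile = '<designspace><output filename="../../.ssh/authorized_keys"/></designspace>'
    results["xml_benign"] = os.path.basename(output_path_from_xml(benign, out_dir))
    try:
        output_path_from_xml(hostile, out_dir)
        results["xml_hostile_blocked"] = False
    except ValueError:
        results["xml_hostile_blocked"] = True

    slip = build_tar({"pkg/index.js": b"export default 1;\n",
                      "../../etc/cron.d/job": b"* * * * * root id\n"})
    try:
        safe_member_paths(slip, out_dir)
        results["tar_blocked"] = False
    except ValueError:
        results["tar_blocked"] = True
    clean = build_tar({"pkg/index.js": b"export default 1;\n"})
    results["tar_clean_count"] = len(safe_member_paths(clean, out_dir))
    try:
        contained_path(out_dir, "/etc/passwd")
        results["absolute_blocked"] = False
    except ValueError:
        results["absolute_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in check_examples().items():
        print(f"{key}: {value}")
```

The check runs before any file is created, and the same helper serves both inputs: a document-driven tool calls it once on the output name, an extractor calls it per member and aborts the whole extraction on the first rejection rather than skipping the bad entry, since a partially extracted archive is its own failure mode.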