5234 matches found

Snyk
added 2025/11/20 9:28 p.m., 5 views

Command Injection

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection due to improp...

CVSS 8.8 | AI score 7.5 | EPSS 0.00394
Exploits 0 | References 2
Microsoft CVE
added 2025/11/20 9:01 a.m., 7 views

KubeVirt Vulnerable to Arbitrary Host File Read and Write

...

CVSS 8.5 | AI score 7 | EPSS 0.00207
Exploits 1
Snyk
added 2025/11/19 9:55 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in ZIP archives. An attacker can exploit this vulnerability by convincing a user to open or extract a crafted ZIP file containing malicious symlinks to unintended directories,...

CVSS 7.8 | AI score 7.6 | EPSS 0.27017
Exploits 11 | References 2
Github Security Blog
added 2025/11/19 8:30 p.m., 13 views

esm.sh CDN service has arbitrary file write via tarslip

Summary: The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths, e.g., package/../../tmp/evil.js. When esm.sh downloads and extracts this package, file...

CVSS 9.8 | AI score 7.4 | EPSS 0.00499
Exploits 1 | References 4 | Affected Software 1
EUVD
added 2025/11/19 8:30 p.m., 3 views

EUVD-2025-198181

esm.sh CDN service has arbitrary file write via tarslip...

CVSS 8.2 | AI score 6.6 | EPSS 0.00499
Exploits 1 | References 4
OSV
added 2025/11/19 8:30 p.m., 6 views

GHSA-H3MW-4F23-GWPW esm.sh CDN service has arbitrary file write via tarslip

Summary: The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths, e.g., package/../../tmp/evil.js. When esm.sh downloads and extracts this package, file...

CVSS 8.2 | AI score 7.3 | EPSS 0.00499
Exploits 1 | References 4
OSV
added 2025/11/19 8:15 p.m., 6 views

CVE-2025-51661

A path traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when the application is configured to use local filesystem storage. The SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 2
CVE
added 2025/11/19 5:32 p.m., 19 views

CVE-2025-65025

esm.sh CDN before v136 is vulnerable to path traversal during NPM tarball extraction. An attacker can craft a malicious package with file paths like package/../../tmp/evil.js, causing arbitrary files to be written outside the extraction directory when the tarball is unpacked. Multiple connected s...

CVSS 9.8 | AI score 6.6 | EPSS 0.00499
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2025/11/19 5:32 p.m., 4 views

CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip

esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths, e.g.,...

CVSS 8.2 | AI score 6.6 | EPSS 0.00499
Exploits 1 | References 2
NVD
added 2025/11/19 5:15 p.m., 8 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...

CVSS 9.8 | EPSS 0.00621
Exploits 2 | References 4
OSV
added 2025/11/19 5:15 p.m., 4 views

CVE-2025-34328

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...

CVSS 9.8 | AI score 6 | EPSS 0.00621
Exploits 2 | References 4
Cvelist
added 2025/11/19 4:22 p.m., 9 views

CVE-2025-34328 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Upload RCE via ajaxScript.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...

CVSS 9.3 | EPSS 0.00621
Exploits 2 | References 4
Positive Technologies
added 2025/11/19 12:00 a.m., 6 views

PT-2025-47477

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-suppli...

CVSS 9.3 | AI score 7.1 | EPSS 0.00621
Exploits 2 | References 5
CNNVD
added 2025/11/19 12:00 a.m., 11 views

AudioCodes Fax Server Security Vulnerability

AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and earlier, which originates from an unauthenticated script management endpoint and could lead to arbitrary file writing and execution...

CVSS 9.8 | AI score 6.8 | EPSS 0.00621
Exploits 2 | References 5
Positive Technologies
added 2025/11/19 12:00 a.m., 4 views

PT-2025-47503

Name of the Vulnerable Software and Affected Versions: esm.sh versions prior to 136. Description: The esm.sh CDN service is susceptible to a path traversal issue during the extraction of NPM package tarballs. An attacker can create a malicious NPM package with crafted file paths, such as...

CVSS 8.2 | AI score 6.7 | EPSS 0.00499
Exploits 1 | References 11
CVE
added 2025/11/18 10:10 p.m., 108 views

CVE-2025-64324

KubeVirt’s hostDisk DiskOrCreate logic bug allows an attacker to read and write arbitrary files owned by more privileged users on the host, prior to fixes in 1.6.1 and 1.7.0. A patched version is available (e.g., 1.6.1/1.7.0); SUSE notes 1.6.3 as containing the fix.

CVSS 8.5 | AI score 6.4 | EPSS 0.00207
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2025/11/18 10:10 p.m., 9 views

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

CVSS 8.5 | EPSS 0.00207
Exploits 1 | References 4
RedhatCVE
added 2025/11/14 10:52 p.m., 7 views

CVE-2025-36236

IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service nimesis could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...

CVSS 9.1 | AI score 6.9 | EPSS 0.00428
Exploits 0 | References 1
OSV
added 2025/11/14 2:45 p.m., 33 views

HSEC-2023-0014 Arbitrary file write is possible when using PDF output or --extract-media with untrusted input

Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option ...

CVSS 6.1 | AI score 5.7 | EPSS 0.00349
Exploits 1 | References 1
Mageia
added 2025/11/13 11:37 p.m., 7 views

Updated python-setuptools packages fix security vulnerability

Setuptools has a path traversal vulnerability in PackageIndex.download that leads to arbitrary file write. CVE-2025-47273...

CVSS 8.8 | AI score 7 | EPSS 0.01479
Exploits 4 | References 2