5249 matches found
EUVD-2025-198181
esm.sh CDN service has arbitrary file write via tarslip...
CVE-2025-51661
A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...
CVE-2025-65025
esm.sh CDN before v136 is vulnerable to path traversal during NPM tarball extraction. An attacker can craft a malicious package with file paths like package/../../tmp/evil.js, causing arbitrary files to be written outside the extraction directory when the tarball is unpacked. Multiple connected s...
CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip
esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...
CVE-2025-34328
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...
CVE-2025-34328
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...
CVE-2025-34328 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Upload RCE via ajaxScript.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...
PT-2025-47477
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodes files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-suppli...
AudioCodes Fax Server 安全漏洞
AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and earlier, which originates from an unauthenticated script management endpoint and could lead to arbitrary file writing and execution...
PT-2025-47503
Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 136 Description The esm.sh CDN service is susceptible to a path traversal issue during the extraction of NPM package tarballs. An attacker can create a malicious NPM package with crafted file paths, such as...
CVE-2025-64324
KubeVirt’s hostDisk DiskOrCreate logic bug allows an attacker to read and write arbitrary files owned by more privileged users on the host, prior to fixes in 1.6.1 and 1.7.0. A patched version is available (e.g., 1.6.1/1.7.0); SUSE notes 1.6.3 as containing the fix.
CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write
KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...
CVE-2025-36236
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...
HSEC-2023-0014 Arbitrary file write is possible when using PDF output or --extract-media with untrusted input
Arbitrary file write is possible when using PDF output or --extract-media with untrusted input Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option ...
Updated python-setuptools packages fix security vulnerability
Setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write. CVE-2025-47273...
CVE-2025-36236
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...
CVE-2025-36236 AIX Path Traversal
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...
CVE-2025-47221
An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...
SUSE CVE-2025-64486
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...
PT-2025-46922
Name of the Vulnerable Software and Affected Versions IBM AIX versions 7.2 and 7.3 IBM VIOS versions 3.1 and 4.1 Description The NIM server service formerly known as NIM master – nimesis – may allow a remote attacker to traverse directories on the system. An attacker could send a specially crafte...