5234 matches found

OSV
added 2025/11/07 3:2 a.m., 8 views

CVE-2025-64184 Dosage vulnerable to Directory Traversal through crafted HTTP responses

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc. While the basename is properly stripped of directory-traversing...

8.8 CVSS, 6.9 AI score, 0.00395 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/11/07 12:0 a.m., 2 views

CVE-2025-57698

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...

6.3 AI score, 0.0069 EPSS
Exploits 1, References 1
Positive Technologies
added 2025/11/07 12:0 a.m., 4 views

PT-2025-45522

Name of the Vulnerable Software and Affected Versions: calibre versions 8.13.0 and prior. Description: calibre is an e-book manager. Versions 8.13.0 and earlier do not validate filenames when handling binary assets within FB2 files. This allows an attacker to write arbitrary files to the filesystem...

9.3 CVSS, 7.5 AI score, 0.00159 EPSS
Exploits 0, References 11
Snyk
added 2025/11/06 9:31 p.m., 2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: mqtt is a Pure Ruby gem that implements the MQTT protocol, a lightweight protocol for publish/subscribe messaging. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to the lack of hostname validation in the connection process. An...

9.1 CVSS, 7.8 AI score, 0.00313 EPSS
Exploits 0, References 2
GithubExploit
added 2025/11/02 7:23 p.m., 154 views

Exploit for Path Traversal in Rarlab Winrar

🧩 CVE-2025-8088 — WinRAR Zero-Day Vulnerability Type: Pat...

8.8 CVSS, 8.1 AI score, 0.85778 EPSS
Exploits 35
EUVD
added 2025/11/01 9:30 p.m., 7 views

EUVD-2025-37437

/etc/avahi/services/z9.service can be arbitrarily written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

2.3 CVSS, 6.5 AI score, 0.00273 EPSS
Exploits 0, References 2
Snyk
added 2025/11/01 6:38 a.m., 3 views

Directory Traversal

Overview: mci-py is a Python adapter for MCI. Affected versions of this package are vulnerable to Directory Traversal via the FileExecutor.execute and CLIExecutor.execute functions. An attacker can read, write, or execute files outside of the intended directory. Details: A Directory Traversal attack...

8.7 CVSS, 7.8 AI score
Exploits 0, References 3
Positive Technologies
added 2025/11/01 12:0 a.m., 4 views

PT-2025-44730

Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The /etc/timezone file can be written to arbitrarily. This allows for potential modification of system-wide timezone settings. Recommendations: Update BLU-IC2 to a...

9.8 CVSS, 6.6 AI score, 0.00273 EPSS
Exploits 0, References 4
CNVD
added 2025/10/31 12:0 a.m., 4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29083)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...

10 CVSS, 7.4 AI score, 0.00442 EPSS
Exploits 0, References 1
Cvelist
added 2025/10/30 7:22 p.m., 6 views

CVE-2025-3356 IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view, overwrite, or append to arbitrary files on the system...

8.6 CVSS, 0.00387 EPSS
Exploits 0, References 1
Redos
added 2025/10/30 12:0 a.m., 6 views

ROS-20251030-05

A vulnerability in the OTP library set of the Erlang programming language is related to incorrect checking of ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library...

7.1 CVSS, 7.3 AI score, 0.00442 EPSS
Exploits 0
RedhatCVE
added 2025/10/29 6:11 p.m., 11 views

CVE-2025-12422

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 6.9 AI score, 0.00442 EPSS
Exploits 0, References 1
NVD
added 2025/10/28 6:15 p.m., 5 views

CVE-2025-12422

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 0.00442 EPSS
Exploits 0, References 1
OSV
added 2025/10/28 6:15 p.m., 2 views

CVE-2025-12422

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

9.8 CVSS, 5.8 AI score, 0.00442 EPSS
Exploits 0, References 1
Cvelist
added 2025/10/28 6:9 p.m., 8 views

CVE-2025-12422 Vulnerable Upgrade Feature (Arbitrary File Write)

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 0.00442 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/10/28 6:9 p.m., 3 views

CVE-2025-12422 Vulnerable Upgrade Feature (Arbitrary File Write)

Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 6.5 AI score, 0.00442 EPSS
Exploits 0, References 1
CVE
added 2025/10/28 6:9 p.m., 9 views

CVE-2025-12422

The CVE-2025-12422 vulnerability affects Azure Access Technology BLU-IC2 and BLU-IC4 (up to and including version 1.19.5). A flaw in the upgrade feature allows arbitrary file writing, which could enable elevation of privileges to a super user on the device. Publicly documented details in PT-Secur...

10 CVSS, 6.5 AI score, 0.00442 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/10/28 12:0 a.m., 5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...

10 CVSS, 7.3 AI score, 0.00442 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/10/27 8:37 p.m., 2 views

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9 CVSS, 6.3 AI score, 0.13848 EPSS
Exploits 0, References 2
GithubExploit
added 2025/10/27 2:23 a.m., 396 views

Exploit for CVE-2025-22167

README — CVE-2025-22167 Atlassian Jira For defensive us...

8.7 CVSS, 6.8 AI score, 0.00428 EPSS
Exploits 1