5234 matches found
CVE-2025-64184 Dosage vulnerable to Directory Traversal through crafted HTTP responses
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc. While the basename is properly stripped of directory-traversing...
CVE-2025-57698
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...
PT-2025-45522
Name of the Vulnerable Software and Affected Versions: calibre versions 8.13.0 and prior. Description: calibre is an e-book manager. Versions 8.13.0 and earlier do not validate filenames when handling binary assets within FB2 files. This allows an attacker to write arbitrary files to the filesystem...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: mqtt is a Pure Ruby gem that implements the MQTT protocol, a lightweight protocol for publish/subscribe messaging. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to the lack of hostname validation in the connection process. An...
Exploit for Path Traversal in Rarlab Winrar
🧩 CVE-2025-8088 — WinRAR Zero-Day Vulnerability Type: Pat...
EUVD-2025-37437
/etc/avahi/services/z9.service can be Arbitrarily Written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
Directory Traversal
Overview: mci-py is a Python adapter for MCI. Affected versions of this package are vulnerable to Directory Traversal via the FileExecutor.execute and CLIExecutor.execute functions. An attacker can read, write, or execute files outside of the intended directory. Details: A Directory Traversal attack...
PT-2025-44730
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The /etc/timezone file can be written to arbitrarily. This allows for potential modification of system-wide timezone settings. Recommendations: Update BLU-IC2 to a...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29083)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...
CVE-2025-3356 IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view, overwrite, or append to arbitrary files on the system...
ROS-20251030-05
The vulnerability in the OTP library set of the Erlang programming language is related to incorrect checking of ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library. ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library...
CVE-2025-12422
Vulnerable Upgrade Feature Arbitrary File Write may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12422 Vulnerable Upgrade Feature (Arbitrary File Write)
Vulnerable Upgrade Feature Arbitrary File Write may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12422
The CVE-2025-12422 vulnerability affects Azure Access Technology BLU-IC2 and BLU-IC4 (up to and including version 1.19.5). A flaw in the upgrade feature allows arbitrary file writing, which could enable elevation of privileges to a super user on the device. Publicly documented details in PT-Secur...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Exploit for CVE-2025-22167
README — CVE-2025-22167 Atlassian Jira For defensive us...