5231 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-26625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the content...
PT-2025-44043
Name of the Vulnerable Software and Affected Versions Docker Compose versions prior to 2.40.2 Description Docker Compose is affected by a path traversal flaw stemming from improper restriction of path names to accessible directories. This issue allows a remote attacker to overwrite arbitrary file...
CVE-2025-58078
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
CVE-2025-58078 AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
CVE-2025-58078 AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
Directory Traversal
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Directory Traversal via the Plugin upload. An administrator with permissions to upload plugins can write files to arbitrary directories on the server ...
BIT-GIT-LFS-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-62424
ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...
CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write
ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...
CVE-2025-62424
CVE-2025-62424 concerns ClipBucket, a web-based video-sharing platform. A path traversal flaw exists in the /admin_area/template_editor.php endpoint for ClipBucket versions 5.5.2 - #146 and earlier, caused by inadequate validation of the file-loading path. This allows authenticated administrators...
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
DEBIAN-CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625
Git LFS CVE-2025-26625 affects versions 0.5.2–3.7.0. When populating a working tree (and in bare repositories), git lfs checkout and git lfs pull may write to files outside the repository if crafted symbolic or hard links collide with paths tracked by Git LFS. The root cause is lack of checks for...
CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
Adobe Creative Cloud < 6.8.0.821 Arbitrary file system write (APSB25-95) (macOS)
The version of Adobe Creative Cloud installed on the remote macOS host is prior to 6.8.0.821. It is, therefore, affected by a vulnerability as referenced in the APSB25-95 advisory. - Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race...
CVE-2025-54271 Creative Cloud Desktop | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing...
CVE-2025-54271
CVE-2025-54271 affects Adobe Creative Cloud Desktop 6.7.0.278 and earlier. It is a Time-of-check Time-of-use (TOCTOU) race condition that could allow arbitrary file system writes by a low-privileged attacker, with no user interaction required. Connected sources (Red Hat, NVD, ENISA/EUVD, CNVD, et...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...