5231 matches found

Tenable Nessus
added 2025/10/27 12:0 a.m. (6 views)

Linux Distros Unpatched Vulnerability : CVE-2025-26625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the content...

CVSS 8.6 | AI score 7.2 | EPSS 0.00707
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/27 12:0 a.m. (4 views)

PT-2025-44043

Name of the Vulnerable Software and Affected Versions: Docker Compose versions prior to 2.40.2. Description: Docker Compose is affected by a path traversal flaw stemming from improper restriction of path names to accessible directories. This issue allows a remote attacker to overwrite arbitrary file...

CVSS 10 | AI score 9.3 | EPSS 0.13848
Exploits: 14 | References: 118

RedhatCVE
added 2025/10/24 10:38 p.m. (7 views)

CVE-2025-58078

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...

CVSS 8.3 | AI score 7.3 | EPSS 0.00562
Exploits: 0 | References: 1

Cvelist
added 2025/10/23 10:9 p.m. (7 views)

CVE-2025-58078 AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...

CVSS 8.3 | EPSS 0.00562
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/23 10:9 p.m. (3 views)

CVE-2025-58078 AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...

CVSS 8.3 | AI score 6.9 | EPSS 0.00562
Exploits: 0 | References: 4

Snyk
added 2025/10/21 6:2 p.m. (2 views)

Directory Traversal

Overview: shopware/core, the Shopware platform, is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Directory Traversal via the Plugin upload. An administrator with permissions to upload plugins can write files to arbitrary directories on the server ...

CVSS 8.5 | AI score 7.9
Exploits: 0 | References: 2

OSV
added 2025/10/21 8:40 a.m. (4 views)

BIT-GIT-LFS-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | AI score 7.1 | EPSS 0.00707
Exploits: 0 | References: 7

NVD
added 2025/10/17 6:15 p.m. (6 views)

CVE-2025-62424

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

CVSS 6.7 | EPSS 0.00858
Exploits: 1 | References: 2

Cvelist
added 2025/10/17 5:23 p.m. (10 views)

CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

CVSS 6.7 | EPSS 0.00858
Exploits: 1 | References: 2

CVE
added 2025/10/17 5:23 p.m. (15 views)

CVE-2025-62424

CVE-2025-62424 concerns ClipBucket, a web-based video-sharing platform. A path traversal flaw exists in the /admin_area/template_editor.php endpoint for ClipBucket versions 5.5.2 - #146 and earlier, caused by inadequate validation of the file-loading path. This allows authenticated administrators...

CVSS 6.7 | AI score 6 | EPSS 0.00858
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/10/17 4:15 p.m. (4 views)

CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | EPSS 0.00707
Exploits: 0 | References: 6

OSV
added 2025/10/17 4:15 p.m. (3 views)

DEBIAN-CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | AI score 7.3 | EPSS 0.00707
Exploits: 0 | References: 1

AlpineLinux
added 2025/10/17 3:30 p.m. (3 views)

CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | AI score 7.1 | EPSS 0.00707
Exploits: 0

Vulnrichment
added 2025/10/17 3:30 p.m. (2 views)

CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | AI score 6.6 | EPSS 0.00707
Exploits: 0 | References: 5

CVE
added 2025/10/17 3:30 p.m. (54 views)

CVE-2025-26625

Git LFS CVE-2025-26625 affects versions 0.5.2–3.7.0. When populating a working tree (and in bare repositories), git lfs checkout and git lfs pull may write to files outside the repository if crafted symbolic or hard links collide with paths tracked by Git LFS. The root cause is lack of checks for...

CVSS 8.6 | AI score 6.6 | EPSS 0.00707
Exploits: 0 | References: 6

OSV
added 2025/10/17 3:30 p.m. (4 views)

CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

CVSS 8.6 | AI score 7.1 | EPSS 0.00707
Exploits: 0 | References: 7

Tenable Nessus
added 2025/10/16 12:0 a.m. (6 views)

Adobe Creative Cloud < 6.8.0.821 Arbitrary file system write (APSB25-95) (macOS)

The version of Adobe Creative Cloud installed on the remote macOS host is prior to 6.8.0.821. It is, therefore, affected by a vulnerability as referenced in the APSB25-95 advisory. - Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race...

CVSS 5.6 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 2

Cvelist
added 2025/10/15 4:21 p.m. (7 views)

CVE-2025-54271 Creative Cloud Desktop | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing...

CVSS 5.6 | EPSS 0.0013
Exploits: 0 | References: 1

CVE
added 2025/10/15 4:21 p.m. (29 views)

CVE-2025-54271

CVE-2025-54271 affects Adobe Creative Cloud Desktop 6.7.0.278 and earlier. It is a Time-of-check Time-of-use (TOCTOU) race condition that could allow arbitrary file system writes by a low-privileged attacker, with no user interaction required. Connected sources (Red Hat, NVD, ENISA/EUVD, CNVD, et...

CVSS 5.6 | AI score 6.4 | EPSS 0.0013
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2025/10/14 8:4 p.m. (3 views)

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...

CVSS 9.3 | AI score 7.5 | EPSS 0.00921
Exploits: 0 | References: 2