5234 matches found

Github Security Blog
added 2025/10/09 10:22 p.m., 5 views

BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary: Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution (RCE). Impact: A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6 CVSS, 8 AI score, 0.00668 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/10/09 10:22 p.m., 4 views

GHSA-FHW8-8V9P-7JP7 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary: Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution (RCE). Impact: A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6 CVSS, 8 AI score, 0.00668 EPSS
Exploits: 0, References: 5
NVD
added 2025/10/09 4:15 p.m., 3 views

CVE-2025-10284

BBOT's unarchive module could be abused by supplying malicious archive files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

9.6 CVSS, 0.00668 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/09 3:46 p.m., 14 views

CVE-2025-10284

BBOT’s unarchive.py is vulnerable to arbitrary file write and remote code execution when extracting crafted archives, due to insufficient sanitization of archive entry paths (path traversal/Zip-Slip-like behavior). The CVE description and multiple sources (NVD/NVD entry, Red Hat advisory, GHSA, a...

9.6 CVSS, 7.8 AI score, 0.00668 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/09 3:46 p.m., 8 views

CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE

BBOT's unarchive module could be abused by supplying malicious archive files and when extracted can then perform an arbitrary file write, resulting in remote code execution...

9.6 CVSS, 0.00668 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2025/10/09 3:21 p.m., 10 views

Flowise is vulnerable to arbitrary file write through its WriteFileTool

Summary: The WriteFileTool in Flowise does not restrict the file path for reading, allowing authenticated attackers to exploit this vulnerability to write arbitrary files to any path in the file system, potentially leading to remote command execution. Details: Flowise supports providing WriteFileTo...

9.9 CVSS, 7.5 AI score, 0.11853 EPSS
Exploits: 1, References: 7, Affected Software: 2
OSV
added 2025/10/09 3:21 p.m., 4 views

GHSA-JV9M-VF54-CHJJ Flowise is vulnerable to arbitrary file write through its WriteFileTool

Summary: The WriteFileTool in Flowise does not restrict the file path for reading, allowing authenticated attackers to exploit this vulnerability to write arbitrary files to any path in the file system, potentially leading to remote command execution. Details: Flowise supports providing WriteFileTo...

9.9 CVSS, 7.4 AI score, 0.11853 EPSS
Exploits: 1, References: 7
OSV
added 2025/10/09 8:15 a.m., 6 views

CVE-2025-11539

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9 CVSS, 8.4 AI score, 0.0058 EPSS
Exploits: 0, References: 2
NVD
added 2025/10/09 8:15 a.m., 7 views

CVE-2025-11539

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9 CVSS, 0.0058 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/10/09 7:18 a.m., 3 views

CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9 CVSS, 8 AI score, 0.0058 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/10/08 10:43 p.m., 2 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9 CVSS, 6.9 AI score, 0.11853 EPSS
Exploits: 1, References: 4
CVE
added 2025/10/08 10:43 p.m., 26 views

CVE-2025-61913

Summary: Flowise contains directory-traversal vulnerabilities via its ReadFileTool and WriteFileTool (and related components) that allow an authenticated attacker to read or write arbitrary files on the server, potentially enabling remote command execution. The root cause is lack of validation of...

9.9 CVSS, 6.9 AI score, 0.11853 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/10/08 10:43 p.m., 26 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9 CVSS, 0.11853 EPSS
Exploits: 1, References: 4
IBM Security Bulletins
added 2025/10/08 9:53 p.m., 6 views

Security Bulletin: AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)

Summary: Vulnerability in AIX's Kerberos could allow a non-privileged local user to write to arbitrary files (CVE-2025-36244). Vulnerability Details: CVEID: CVE-2025-36244. DESCRIPTION: IBM AIX, when configured to use Kerberos network authentication, could allow a local user to write to files on the...

7.4 CVSS, 6.4 AI score, 0.00113 EPSS
Exploits: 0, Affected Software: 2
RedhatCVE
added 2025/10/08 4:47 p.m., 6 views

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder)...

3.3 CVSS, 7 AI score, 0.0016 EPSS
Exploits: 0, References: 1
NVD
added 2025/10/07 9:15 p.m., 3 views

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder)...

3.3 CVSS, 0.0016 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-5228

Malware in sbrugna...

4.9 CVSS, 6 AI score, 0.01785 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-0798

Malware in sbrugna...

7.7 CVSS, 7 AI score, 0.03266 EPSS
Exploits: 0, References: 22
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-1238

Malware in sbrugna...

9.8 CVSS, 8.6 AI score, 0.02174 EPSS
Exploits: 1, References: 7
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2020-14252

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.01632 EPSS
Exploits: 1, References: 2