Lucene search
K

5226 matches found

NVD
NVD
added 2025/10/01 7:15 p.m.4 views

CVE-2025-10578

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

7.8CVSS0.00109EPSS
Exploits0References1
CVE
CVE
added 2025/10/01 6:44 p.m.10 views

CVE-2025-10578

CVE-2025-10578 affects HP Support Assistant, prior to version 9.47.41.0. The documented impact is local privilege escalation via an arbitrary file write. The connected sources consistently identify the affected product and version range, and recommend updating to 9.47.41.0 or later as the remedia...

7.8CVSS6.6AI score0.00109EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/01 6:44 p.m.2 views

CVE-2025-10578 HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

5.8CVSS6.6AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/01 6:44 p.m.8 views

CVE-2025-10578 HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...

5.8CVSS0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.7 views

PT-2025-40286

Name of the Vulnerable Software and Affected Versions HP Support Assistant versions prior to 9.47.41.0 Description A security issue exists in HP Support Assistant that may allow a local attacker to gain higher-level access through arbitrary file writing. Recommendations Update HP Support Assistan...

5.8CVSS6.5AI score0.00109EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.4 views

HP Support Assistant 安全漏洞

HP Support Assistant is a suite of solutions from Hewlett-Packard HP in the United States that provides support and other features for PCs and printers. A security vulnerability exists in HP Support Assistant versions prior to 9.47.41.0, which originates from a local attacker being able to write...

5.8CVSS6.6AI score0.00109EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/30 5:39 p.m.5 views

Arbitrary File Write

mobsf is vulnerable to Arbitrary file write. The vulnerability is due to improper validation of uploaded files, which allows an attacker to write arbitrary files to any directory writable by the MobSF process user...

6.5CVSS7.2AI score0.0056EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/09/30 12:30 a.m.6 views

Directory Traversal

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Directory Traversal via the ComboServlet component. An attacker can access arbitrary CSS and JS files and cause repeated loading of these files by manipulating the...

8.2CVSS7.7AI score0.00464EPSS
Exploits0References2
Hewlett-Packard
Hewlett-Packard
added 2025/09/30 12:0 a.m.14 views

HP Support Assistant - Potential Escalation of Privilege

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. HP has identified affected versions and the minimum version that...

7.8CVSS5.9AI score0.00109EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/29 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-59825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of...

8.6CVSS6AI score0.00202EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/26 7:22 a.m.5 views

Arbitrary File Write

github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...

8.8CVSS7.3AI score0.00459EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.5 views

PT-2025-43007

Name of the Vulnerable Software and Affected Versions Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.1 Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.0 Description A path traversal flaw exists in Atlassian Jira Software Data Center and...

9CVSS9.6AI score0.00428EPSS
Exploits1References22
Redos
Redos
added 2025/09/25 12:0 a.m.9 views

ROS-20250925-04

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of the directory with restricted directory. Python programming language interpreter CPython functions...

9.4CVSS6.5AI score0.01184EPSS
Exploits14
Redos
Redos
added 2025/09/25 12:0 a.m.7 views

ROS-20250925-02

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

9.4CVSS7AI score0.01184EPSS
Exploits14
OSV
OSV
added 2025/09/24 7:21 p.m.3 views

GO-2025-3971 DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly

DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly...

9.8CVSS7AI score0.0068EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 7:21 p.m.5 views

GO-2025-3967 esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh

esm.sh has arbitrary file write via path traversal in X-Zone-Id header in github.com/esm-dev/esm.sh...

6.9CVSS7.2AI score0.02829EPSS
Exploits2References5
Snyk
Snyk
added 2025/09/23 8:42 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Entry::unpackinraw API and the Entry::allowexternalsymlinks control which defaults to true. An attacker can write files outside the intended extraction directory and perform an arbitrary file write which can...

8.6CVSS7.7AI score0.00202EPSS
Exploits0References2
NVD
NVD
added 2025/09/23 8:15 p.m.10 views

CVE-2025-59825

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...

8.6CVSS0.00202EPSS
Exploits0References3
CVE
CVE
added 2025/09/23 8:0 p.m.19 views

CVE-2025-59825

CVE-2025-59825 affects astral-tokio-tar (Rust) up to v0.5.3: tar extraction can escape the target dir via Entry::unpack_in_raw and via a symlink pair that bypasses allow_external_symlinks, potentially enabling arbitrary file writes and code execution. The issue is fixed in v0.5.4; upgrading is re...

8.6CVSS7.2AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2025/09/23 5:45 p.m.4 views

GHSA-3WGQ-WRWC-VQMV astral-tokio-tar has a path traversal in tar extraction

Impact In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which defaults to true could be bypassed via a pair of symlinks that...

8.6CVSS7.8AI score0.00202EPSS
Exploits0References5
Rows per page
Query Builder