5226 matches found
CVE-2025-10578
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...
CVE-2025-10578
CVE-2025-10578 affects HP Support Assistant, prior to version 9.47.41.0. The documented impact is local privilege escalation via an arbitrary file write. The connected sources consistently identify the affected product and version range, and recommend updating to 9.47.41.0 or later as the remedia...
CVE-2025-10578 HP Support Assistant - Potential Escalation of Privilege
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write...
PT-2025-40286
Name of the Vulnerable Software and Affected Versions: HP Support Assistant versions prior to 9.47.41.0. Description: A security issue exists in HP Support Assistant that may allow a local attacker to gain higher-level access through arbitrary file writing. Recommendations: Update HP Support Assistan...
HP Support Assistant Security Vulnerability
HP Support Assistant is a suite of solutions from Hewlett-Packard (HP) in the United States that provides support and other features for PCs and printers. A security vulnerability exists in HP Support Assistant versions prior to 9.47.41.0, which originates from a local attacker being able to write...
Arbitrary File Write
mobsf is vulnerable to Arbitrary file write. The vulnerability is due to improper validation of uploaded files, which allows an attacker to write arbitrary files to any directory writable by the MobSF process user...
Directory Traversal
Overview: com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Directory Traversal via the ComboServlet component. An attacker can access arbitrary CSS and JS files and cause repeated loading of these files by manipulating the...
HP Support Assistant - Potential Escalation of Privilege
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. HP has identified affected versions and the minimum version that...
Linux Distros Unpatched Vulnerability : CVE-2025-59825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of...
Arbitrary File Write
github.com/harness/gitness is vulnerable to Arbitrary file write. The vulnerability is due to improper sanitization of the upload path, which allows an attacker to craft a malicious upload request and write arbitrary files to any location on the file system...
PT-2025-43007
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.1; Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.0. Description: A path traversal flaw exists in Atlassian Jira Software Data Center and...
ROS-20250925-04
A vulnerability in the TarFile.extractall and TarFile.extract functions of the tarfile module of the CPython interpreter for the Python programming language is related to improper restriction of a path name to a restricted directory. Python programming language interpreter CPython functions...
ROS-20250925-02
A vulnerability in the TarFile.extractall and TarFile.extract functions of the tarfile module of the CPython interpreter for the Python programming language is related to improper restriction of a path name to a restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...
GO-2025-3971 DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly
DragonFly vulnerable to arbitrary file read and write on a peer machine in d7y.io/dragonfly...
GO-2025-3967 esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh
esm.sh has arbitrary file write via path traversal in X-Zone-Id header in github.com/esm-dev/esm.sh...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the Entry::unpack_in_raw API and the Entry::allow_external_symlinks control, which defaults to true. An attacker can write files outside the intended extraction directory and perform an arbitrary file write which can...
CVE-2025-59825
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the Entry::allow_external_symlinks control which...
CVE-2025-59825
CVE-2025-59825 affects astral-tokio-tar (Rust) up to v0.5.3: tar extraction can escape the target dir via Entry::unpack_in_raw and via a symlink pair that bypasses allow_external_symlinks, potentially enabling arbitrary file writes and code execution. The issue is fixed in v0.5.4; upgrading is re...
GHSA-3WGQ-WRWC-VQMV astral-tokio-tar has a path traversal in tar extraction
Impact: In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the Entry::allow_external_symlinks control, which defaults to true, could be bypassed via a pair of symlinks that...