Positive Technologies
added 2025/09/23 12:0 a.m., 5 views

PT-2025-39215

Name of the Vulnerable Software and Affected Versions: astral-tokio-tar versions 0.5.3 and earlier. Description: astral-tokio-tar is a tar archive reading/writing library for async Rust. Tar archives may extract files outside of their intended destination directory when using the Entry::unpack in ra...

CVSS 8.6, AI score 6.9, EPSS 0.00202
Exploits 0, References 19
Cvelist
added 2025/09/22 12:4 p.m., 11 views

CVE-2025-10854 Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices

The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhe...

CVSS 8.1, EPSS 0.00427
Exploits 0, References 2
CVE
added 2025/09/22 12:4 p.m., 26 views

CVE-2025-10854

The CVE-2025-10854 issue affects the txtai framework where loading compressed tar files as embedding indices is vulnerable: the existing path traversal protection does not account for symbolic links inside the tar, allowing an attacker to write arbitrary files on the filesystem when untrusted emb...

CVSS 8.1, AI score 6.6, EPSS 0.00427
Exploits 0, References 2
Vulnrichment
added 2025/09/22 12:4 p.m., 9 views

CVE-2025-10854 Symlink Following in txtai leads to arbitrary file write when loading untrusted embedding indices

The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames, it does not account for symbolic links within the tar file. An attacker is able to write a file anywhe...

CVSS 8.1, AI score 6.6, EPSS 0.00427
Exploits 0, References 2
RedhatCVE
added 2025/09/21 7:25 p.m., 11 views

CVE-2025-34191

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...

CVSS 8.5, AI score 6.9, EPSS 0.0028
Exploits 1, References 1
SUSE CVE
added 2025/09/19 11:22 p.m., 2 views

SUSE CVE-2025-58158

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...

CVSS 8.8, AI score 7.1, EPSS 0.00459
Exploits 0, References 2
NVD
added 2025/09/19 7:15 p.m., 7 views

CVE-2025-34191

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...

CVSS 8.5, EPSS 0.0028
Exploits 1, References 4
OSV
added 2025/09/19 7:15 p.m., 2 views

CVE-2025-34191

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...

CVSS 8.4, AI score 5.8, EPSS 0.0028
Exploits 1, References 4
CVE
added 2025/09/19 6:51 p.m., 24 views

CVE-2025-34191

Vulnerability CVE-2025-34191 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Vasion Print Application versions prior to 20.0.1923 (macOS/Linux client deployments). The issue is an arbitrary file write via response file handling: tasks write respo...

CVSS 8.5, AI score 6.6, EPSS 0.0028
Exploits 1, References 4, Affected Software 2
Vulnrichment
added 2025/09/19 6:51 p.m., 5 views

CVE-2025-34191 Vasion Print (formerly PrinterLogic) Arbitrary File Write as Root via Response Path Symlink Follow

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...

CVSS 8.5, AI score 6.6, EPSS 0.0028
Exploits 1, References 4
Cvelist
added 2025/09/19 6:51 p.m., 13 views

CVE-2025-34191 Vasion Print (formerly PrinterLogic) Arbitrary File Write as Root via Response Path Symlink Follow

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...

CVSS 8.5, EPSS 0.0028
Exploits 1, References 4
ATTACKERKB
added 2025/09/19 6:51 p.m., 4 views

CVE-2025-34191

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...

CVSS 8.5, AI score 5.9, EPSS 0.0028
Exploits 1, References 5
RedhatCVE
added 2025/09/19 6:30 p.m., 3 views

CVE-2025-59342

esm.sh is a no-build content delivery network (CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

CVSS 6.9, AI score 9, EPSS 0.02829
Exploits 2, References 1
NVD
added 2025/09/19 4:15 p.m., 25 views

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

CVSS 9.1, EPSS 0.00694
Exploits 0, References 2
OSV
added 2025/09/19 4:15 p.m., 5 views

CVE-2025-57644

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...

CVSS 9.1, AI score 6.3, EPSS 0.00694
Exploits 0, References 2
Positive Technologies
added 2025/09/19 12:0 a.m., 7 views

PT-2025-38543

Name of the Vulnerable Software and Affected Versions: Accela Automation Platform version 22.2.3.0.230103. Description: Accela Automation Platform contains multiple issues within the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, potentially...

CVSS 9.1, AI score 7.9, EPSS 0.00694
Exploits 0, References 5
CVE
added 2025/09/19 12:0 a.m., 21 views

CVE-2025-57644

CVE-2025-57644 affects Accela Automation Platform 22.2.3.0.230103 (Test Script feature). An authenticated administrative user can execute arbitrary Java code on the server, enabling remote code execution. Additional flaws include improper input validation that allows arbitrary file write and serv...

CVSS 9.1, AI score 8.2, EPSS 0.00694
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/09/19 12:0 a.m., 4 views

Vasion Print Virtual Appliance Host and Vasion Print Application security vulnerability

Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is print management software. Vasion Print Application is a printer management application. A security vulnerability exists in Vasion Print...

CVSS 8.5, AI score 6.7, EPSS 0.0028
Exploits 1, References 5
OSV
added 2025/09/17 8:11 p.m., 4 views

GHSA-79HX-3FP8-HJ66 DragonFly vulnerable to arbitrary file read and write on a peer machine

Impact: A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers' secret data and to gain...

CVSS 7.9, AI score 8.3, EPSS 0.0068
Exploits 0, References 5
Github Security Blog
added 2025/09/17 8:11 p.m., 7 views

DragonFly vulnerable to arbitrary file read and write on a peer machine

Impact: A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers' secret data and to gain...

CVSS 9.8, AI score 8.3, EPSS 0.0068
Exploits 0, References 5, Affected Software 2