5225 matches found

Cvelist, added 2025/09/17 7:50 p.m., 8 views

CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...

CVSS 7.9 | EPSS 0.0068
Exploits: 0 | References: 2

Snyk, added 2025/09/17 7:3 p.m., 0 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the X-Zone-Id header. An attacker can cause arbitrary files to be written outside the intended storage directory by supplying specially crafted path traversal sequences in the header...

CVSS 6.9 | AI score 9.5 | EPSS 0.02829
Exploits: 2 | References: 2

Github Security Blog, added 2025/09/17 7:3 p.m., 10 views

esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header

Summary: A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...

CVSS 6.9 | AI score 7.8 | EPSS 0.02829
Exploits: 2 | References: 7 | Affected Software: 1

OSV, added 2025/09/17 7:3 p.m., 4 views

GHSA-G2H5-CVVR-7GMW esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header

Summary: A path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a filesystem path but is not properly canonicalized or restricted to the application’s...

CVSS 6.9 | AI score 7.8 | EPSS 0.02829
Exploits: 2 | References: 7

NVD, added 2025/09/17 6:15 p.m., 6 views

CVE-2025-59342

esm.sh is a no-build content delivery network (CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

CVSS 6.9 | EPSS 0.02829
Exploits: 2 | References: 4

Vulnrichment, added 2025/09/17 5:59 p.m., 2 views

CVE-2025-59342 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header

esm.sh is a no-build content delivery network (CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

CVSS 6.9 | AI score 8.9 | EPSS 0.02829
Exploits: 2 | References: 4

OSV, added 2025/09/17 5:59 p.m., 4 views

CVE-2025-59342 esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header

esm.sh is a no-build content delivery network (CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...

CVSS 6.9 | AI score 9 | EPSS 0.02829
Exploits: 2 | References: 6

OSV, added 2025/09/17 5:3 p.m., 3 views

GO-2025-3926 Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness

Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness...

CVSS 8.8 | AI score 7 | EPSS 0.00459
Exploits: 0 | References: 2

Tenable Nessus, added 2025/09/17 12:0 a.m., 3 views

Samsung MagicINFO Server < 21.1052.0 Path Traversal

The version of Samsung MagicINFO Server installed on the remote Windows host is affected by a vulnerability. An improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1052 allows attackers to write arbitrary files as system authority...

CVSS 9.8 | AI score 8.3 | EPSS 0.91941
Exploits: 7 | References: 4

IBM AIX, added 2025/09/16 8:16 a.m., 7 views

AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)

IBM SECURITY ADVISORY
First Issued: Tue Sep 16 08:16:52 CDT 2025
The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/nasadvisory4.asc
Security Bulletin: AIX is vulnerable to arbitrary file write due to Kerberos CVE-2025-36244...

CVSS 7.4 | AI score 6.5 | EPSS 0.00113
Exploits: 0

GithubExploit, added 2025/09/14 10:3 p.m., 196 views

wishlist-member-vuln-analysis

📄 Overview This repository contains a detailed analysis of a...

AI score 6.5
Exploits: 0

RedhatCVE, added 2025/09/12 7:11 a.m., 9 views

CVE-2025-41714

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

CVSS 8.8 | AI score 7.8 | EPSS 0.00624
Exploits: 0 | References: 1

SUSE CVE, added 2025/09/11 11:22 p.m., 3 views

SUSE CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.2 | EPSS 0.0032
Exploits: 1 | References: 2

NVD, added 2025/09/10 7:15 a.m., 6 views

CVE-2025-41714

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

CVSS 8.8 | EPSS 0.00624
Exploits: 0 | References: 1

Vulnrichment, added 2025/09/10 6:48 a.m., 1 views

CVE-2025-41714 Path Traversal via 'Upload-Key' in SmartEMS Upload Handling

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

CVSS 8.8 | AI score 7.7 | EPSS 0.00624
Exploits: 0 | References: 1

CVE, added 2025/09/10 6:48 a.m., 33 views

CVE-2025-41714

CVE-2025-41714 affects the Welotec SmartEMS Web Application (SmartEMS Upload Handling). The issue is in the upload endpoint where the Upload-Key header is not adequately validated, allowing path traversal sequences to cause upload-related artifacts to be created outside the intended storage locat...

CVSS 8.8 | AI score 7.7 | EPSS 0.00624
Exploits: 0 | References: 1

Snyk, added 2025/09/09 9:19 p.m., 3 views

Zip Slip

Overview: monai is an AI Toolkit for Healthcare Imaging. Affected versions of this package are vulnerable to Zip Slip via the use of zipfile.extractall(output_dir). An attacker can overwrite arbitrary files on the system by supplying a crafted zip archive containing files with path traversal sequences...

CVSS 8.8 | AI score 7.4 | EPSS 0.00568
Exploits: 1 | References: 2

Github Security Blog, added 2025/09/09 9:19 p.m., 10 views

MONAI does not prevent path traversal, potentially leading to arbitrary file writes

Summary: The extractall function zipfile.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. When a Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of t...

CVSS 8.8 | AI score 6.9 | EPSS 0.00568
Exploits: 1 | References: 6 | Affected Software: 1

Adobe, added 2025/09/09 12:0 a.m., 15 views

APSB25-93 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025, 2023 and 2021. These updates resolve a critical vulnerability that could lead to arbitrary file system write...

CVSS 10 | AI score 7.1 | EPSS 0.19934
Exploits: 0

OSV, added 2025/09/08 2:13 p.m., 30 views

GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve

Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...

CVSS 7.7 | AI score 6.8 | EPSS 0.00315
Exploits: 0 | References: 2