5222 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the path.join function. An attacker can bypass the path traversal protection and access restricted files by crafting specific path inputs that leverage Windows reserved driver names such as CON, PRN, and AUX. Note...
OESA-2025-1859 plexus-archiver security update
The Plexus project provides a full software stack for creating and executing software projects. It provides a number of pre-built components for common tasks and toolkits such as Jetty, Velocity, Hibernate, i18n, and many more. However, Plexus is also able to reuse your existing components writte...
CVE-2025-7619
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
AZL-65330 CVE-2025-53905 affecting package vim for versions less than 9.1.1552-1
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successful...
UBUNTU-CVE-2025-53906
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...
CVE-2025-7619
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
CVE-2025-7619
CVE-2025-7619 concerns BatchSignCS (WellChoose) on Windows with an Arbitrary File Write vulnerability, described across multiple sources as involving a path traversal flaw that could enable writing files to arbitrary paths when a user visits a malicious site while the app is running. The connecte...
CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
CVE-2025-7619 WellChoose|BatchSignCS - Arbitrary File Write through Path Traversal
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code execution...
WellChoose BatchSignCS 安全漏洞
WellChoose BatchSignCS is a signing service system from WellChoose, Inc. of Taiwan, China. A security vulnerability exists in WellChoose BatchSignCS that originates from an arbitrary file write and could lead to the execution of arbitrary code...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the ResetUserAvatar function in the API component when processing the filename argument. An attacker can overwrite or delete arbitrary files on the server by supplying crafted path values. Details A Directory...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the extraction process of zip archives. An attacker can write files to arbitrary locations on the file system by crafting a zip archive with directory traversal sequences in file paths. Note: This is only...
USN-7626-2 git regression
USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...
CVE-2025-6806
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6801
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
CVE-2025-40738
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
CVE-2025-40737
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...
Siemens SINEC NMS 路径遍历漏洞
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...
CVE-2025-6806
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-6801
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...