CVE-2025-6801 Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the encodeimage function. An attacker can access arbitrary files on the server by supplying crafted imagepath values...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the encodeimage function. An attacker can access arbitrary files on the server by supplying crafted imagepath values...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileUploadHandler function in the rest.go file. An attacker can overwrite arbitrary files owned by the application user by uploading files with crafted path names, potentially modifying application behavior o...
The vulnerability of Notepad++ installer allows a hacker to elevate their privileges and write arbitrary files.
The vulnerability in the Notepad++ text editor is related to deficiencies in access control, resulting from an uncontrolled search path. Exploiting this vulnerability can allow attackers to elevate their privileges and write arbitrary files...
(0Day) Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveNICParamsToFile method. The issue results from th...
SUSE CVE-2025-5981
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...
GHSA-2HCM-Q3F4-FJGW OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...
CVE-2025-5981
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...
CVE-2025-5981 Arbitrary File write in OSV-SCALIBR
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images...
CVE-2025-5981
OSV-SCALIBR is affected by a path traversal vulnerability in its unpack() function used for container images, exploitable when the CLI flag --remote-image is used on untrusted images. The issue allows arbitrary file write on the host as the OSV-SCALIBR user. Several sources (GitHub commit referen...
PT-2025-25778 · Unknown · Osv-Scalibr
Name of the Vulnerable Software and Affected Versions: OSV-SCALIBR (affected versions not specified). Description: The issue allows for arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack function for container images. Th...
Directory Traversal
Overview python-a2a is a comprehensive Python library for Google's Agent-to-Agent (A2A) protocol. Affected versions of this package are vulnerable to Directory Traversal via the createworkflow function in the api.py file. An attacker can access or modify files outside the intended directory by...
Sitecore Multiple Products Security Vulnerability
Sitecore Experience Platform XP and others are products of Sitecore, a Danish company. Sitecore Experience Platform is a suite of customer digital experience platforms. Sitecore Experience Manager XM is a management software. Sitecore Experience Commerce XC is a natively integrated, cloud-enabled...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the downloading and installation of Xuggler. An attacker can add files to arbitrary locations on the server and/or download and execute arbitrary files from the download server by manipulating the...
CVE-2025-3594
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server and (2) download and...
TencentOS Server 3: xz (TSSA-2022:0139)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0139 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: gzip (TSSA-2022:0030)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0030 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...