
5219 matches found

GithubExploit
added 2025/04/16 9:24 p.m. · 265 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

Gibbon LMS Arbitrary File Write / RCE Vulnerability Informa...

CVSS 9.8 · AI score 9.7 · EPSS 0.63113
Exploits: 8
Vulnrichment
added 2025/04/15 7:9 p.m. · 3 views

CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...

CVSS 8.3 · AI score 6.8 · EPSS 0.00377
Exploits: 0 · References: 1
Cvelist
added 2025/04/15 7:9 p.m. · 12 views

CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...

CVSS 8.3 · EPSS 0.00377
Exploits: 0 · References: 1
OSV
added 2025/04/15 7:9 p.m. · 3 views

CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...

CVSS 8.3 · AI score 6.7 · EPSS 0.00377
Exploits: 0 · References: 3
Positive Technologies
added 2025/04/15 12:0 a.m. · 4 views

PT-2025-16473 · Jellyfin +1 · Jellyfin +1

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.10.7. Description: Jellyfin is an open source self-hosted media server. The issue concerns argument injection in FFmpeg, which can potentially lead to remote code execution by anyone with credentials to a...

CVSS 7.6 · AI score 7.6 · EPSS 0.00616
Exploits: 0 · References: 6
Snyk
added 2025/04/13 10:41 p.m. · 1 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the Unarchive function. An attacker can overwrite sensitive files and potentially escalate privileges by supplying a malicious archive file containing symlinks, which is unarchived...

CVSS 8.4 · AI score 9.1 · EPSS 0.00372
Exploits: 0 · References: 2
Snyk
added 2025/04/13 10:41 p.m. · 1 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: github.com/mholt/archiver is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) in the Unarchive function. An attacker can overwrite sensitive files and potentially escala...

CVSS 8.4 · AI score 8 · EPSS 0.00372
Exploits: 0 · References: 2
Tenable Nessus
added 2025/04/11 12:0 a.m. · 7 views

EulerOS 2.0 SP11 : rsync (EulerOS-SA-2025-1377)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...

CVSS 7.5 · AI score 7.5 · EPSS 0.09353
Exploits: 4 · References: 6
Tenable Nessus
added 2025/04/11 12:0 a.m. · 10 views

EulerOS 2.0 SP11 : rsync (EulerOS-SA-2025-1378)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...

CVSS 7.5 · AI score 7.5 · EPSS 0.09353
Exploits: 4 · References: 6
ATTACKERKB
added 2025/04/08 5:15 p.m. · 2 views

CVE-2025-27082

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...

CVSS 7.2 · AI score 6 · EPSS 0.00478
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/04/08 5:15 p.m. · 4 views

CVE-2025-27082

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...

CVSS 7.2 · AI score 6 · EPSS 0.00478
Exploits: 0 · References: 1
NVD
added 2025/04/08 5:15 p.m. · 8 views

CVE-2025-27082

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...

CVSS 7.2 · EPSS 0.00478
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/08 4:22 p.m. · 5 views

CVE-2025-27082 Authenticated Remote Code Execution Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...

CVSS 7.2 · AI score 8 · EPSS 0.00478
Exploits: 0 · References: 1
CVE
added 2025/04/08 4:22 p.m. · 280 views

CVE-2025-27082

The CVE-2025-27082 entry concerns an Arbitrary File Write vulnerability in the web-based management interfaces of HPE AOS-10 GW and AOS-8 Controller/Mobility Conductor. Affected component: the web UI backend for AOS-10 GW and AOS-8 Controller/Mobility Conductor. Root cause: ability for an authent...

CVSS 7.2 · AI score 8 · EPSS 0.00478
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/04/08 4:22 p.m. · 12 views

CVE-2025-27082 Authenticated Remote Code Execution Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlyin...

CVSS 7.2 · EPSS 0.00478
Exploits: 0 · References: 1
Cvelist
added 2025/04/08 3:49 p.m. · 12 views

CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS 8 · EPSS 0.00351
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/08 3:49 p.m. · 6 views

CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS 8 · AI score 7.1 · EPSS 0.00351
Exploits: 0 · References: 1
OSV
added 2025/04/08 3:49 p.m. · 5 views

CVE-2025-32018 Arbitrary file write from Cursor Agent through a prompt injection from malicious @Docs

Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the us...

CVSS 8 · AI score 6.9 · EPSS 0.00351
Exploits: 0 · References: 1
CVE
added 2025/04/08 4:40 a.m. · 65 views

CVE-2025-20951

Summary: CVE-2025-20951 affects Galaxy Store prior to 4.5.90.7 due to improper verification of intent by a broadcast receiver, enabling a local attacker to write arbitrary files with Galaxy Store privileges. Affected software: Galaxy Store (Android) versions before 4.5.90.7. Root cause: insuffici...

CVSS 5.5 · AI score 7.1 · EPSS 0.00126
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/04/08 4:40 a.m. · 27 views

CVE-2025-20951

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store...

CVSS 5.1 · EPSS 0.00126
Exploits: 0 · References: 1