CVE-2025-27519 Cognita Arbitrary File Write

Cognita is a RAG Retrieval Augmented Generation Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is setu...

Linux Distros Unpatched Vulnerability : CVE-2021-39134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarante...

Linux Distros Unpatched Vulnerability : CVE-2023-38745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the...

Linux Distros Unpatched Vulnerability : CVE-2023-35936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior...

Linux Distros Unpatched Vulnerability : CVE-2021-23520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the ZipFile::uncompressEntry function in...

Directory Traversal

Overview mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Directory Traversal in the getlogsizelegacy function in api/crud/logs.py. This allows attackers to access locations on the filesystem outside the project directory. Details A...

Directory Traversal

Overview lilya is a Yet another ASGI toolkit that delivers Affected versions of this package are vulnerable to Directory Traversal in getpath function in staticfiles.py. Details A Directory Traversal attack also known as path traversal aims to access files and directories that are stored outside...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25761

CVE-2025-25761 affects HkCms v2.3.2.240702 with an arbitrary file write vulnerability in Appcenter.php. Public sources (NVD/Red Hat, CNNVD, PT-Security, CVE listing) confirm impact as high (C:H, I:H, A:H) with network exposure; exploit details are not provided in the documents. A remediation ment...

PT-2025-8946 · Hkcms · Hkcms

Name of the Vulnerable Software and Affected Versions: HkCms version 2.3.2.240702 Description: The issue is related to an arbitrary file write vulnerability in the Appcenter.php component. This vulnerability allows for the writing of files to arbitrary locations, potentially leading to security...

HkCms 安全漏洞

HkCms is a free and open source content management system from HkCms Open Source. A security vulnerability exists in HkCms version v2.3.2.240702, which originates from an arbitrary file write in the Appcenter.php component...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper limitation of a pathname to a restricted directory in the asset upload functionality. An attacker can upload files to directories outside of the intended temporary directory by manipulating file paths...