5215 matches found
CVE-2025-27142
LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...
ClickHouse < 19.14.3
The version of ClickHouse installed on the remote host is prior to 19.14.3. It is, therefore, affected by a arbitrary file write vulnerability. In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
CVE-2024-38657
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...
CVE-2024-38657
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files...
CVE-2025-25765
CVE-2025-25765 affects MRCMS v3.1.2, with a vulnerability in the /file/save.do component that permits arbitrary file write. Descriptions collected across multiple feeds consistently name the affected product and the vulnerable endpoint, indicating an impact on the ability to write files locally. ...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
CVE-2024-49780
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the download function due to improper input validation when processing image references during task exports. . An attacker can access files outside the intended directory structure by creating tasks with path...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
Mercedes-Benz NTG 安全漏洞
Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG 6 that stems from insufficient file checking when importing or exporting profile settings via USB. An attacker could exploit the vulnerability to write arbitrary files...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
CVE-2023-34402
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights...
CVE-2023-34402
CVE-2023-34402 affects Mercedes‑Benz head‑unit NTG6. The vulnerability arises when importing/exporting profile settings over USB: an embedded file can encapsulate another file and, due to missing checks during processing, allows Arbitrary File Write with the rights of the speech service. Public d...
Directory Traversal
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal that could enable privilege escalation for a privileged attacker. Details A Directory Traversal attack also known as path traversal aims to access files...
CVE-2024-13059
A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...