Lucene search

5215 matches found

OSV
•added 2025/02/10 7:15 p.m.•5 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS | 7.4 AI score
Exploits 0 | References 2
CVE
•added 2025/02/10 6:53 p.m.•49 views

CVE-2024-13059

CVE-2024-13059 affects mintplex-labs/anything-llm prior to 1.3.1. The vulnerability arises from improper handling of non-ASCII filenames in the multer library, where filename transformations can introduce ../ sequences that are not sanitized. This enables path traversal and arbitrary file writes ...

7.2 CVSS | 7.5 AI score | 0.19777 EPSS
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
•added 2025/02/10 12:0 a.m.•7 views

PT-2025-6084

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.3.1 Description: A vulnerability exists in mintplex-labs/anything-llm due to improper handling of non-ASCII filenames within the multer library. This can lead to path traversal, allowing attacker...

7.2 CVSS | 7.6 AI score | 0.19777 EPSS
Exploits 1 | References 16
Positive Technologies
•added 2025/02/09 12:0 a.m.•3 views

PT-2025-6035 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2024-5183 - CVE-2020-32262: Oracle Net Suite EnterpriseOne Client-Server Arbitrary File Write", "Content": "CVE ID : CVE-2024-5183 Published : Feb. 8, 2025, 10:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: This CVE ID has been rejected or...

7.1 AI score
Exploits 0 | References 1
Positive Technologies
•added 2025/02/09 12:0 a.m.•3 views

PT-2025-6034 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2024-5183 - CVE-2020-32262: Oracle Net Suite EnterpriseOne Client-Server Arbitrary File Write", "Content": "CVE ID : CVE-2024-5183 Published : Feb. 8, 2025, 10:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: This CVE ID has been rejected or...

7.1 AI score
Exploits 0 | References 1
RedhatCVE
•added 2025/02/06 1:18 a.m.•8 views

CVE-2022-21675

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

9.9 CVSS | 7.5 AI score | 0.02544 EPSS
Exploits 0 | References 1
OSV
•added 2025/02/06 1:15 a.m.•3 views

CVE-2025-0799

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS | 5.9 AI score
Exploits 0 | References 1
Vulnrichment
•added 2025/02/06 12:24 a.m.•12 views

CVE-2025-0799 IBM App Connect Enterprise Arbitrary File Write

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS | 6.5 AI score | 0.00459 EPSS
Exploits 0 | References 1
CVE
•added 2025/02/06 12:24 a.m.•56 views

CVE-2025-0799

Summary: CVE-2025-0799 affects IBM App Connect Enterprise and related Certified Container components. An authenticated user could exploit a path traversal flaw during bar configuration deployment to write arbitrary files, due to improper pathname restrictions on restricted directories. Affected v...

6.5 CVSS | 6.5 AI score | 0.00459 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
•added 2025/02/06 12:24 a.m.•13 views

CVE-2025-0799 IBM App Connect Enterprise Arbitrary File Write

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS | 0.00459 EPSS
Exploits 0 | References 1
RedhatCVE
•added 2025/02/05 7:37 p.m.•8 views

CVE-2022-39205

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...

9.8 CVSS | 7.2 AI score | 0.01756 EPSS
Exploits 1 | References 1
RedhatCVE
•added 2025/02/05 2:55 p.m.•10 views

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

10 CVSS | 7 AI score | 0.08335 EPSS
Exploits 0 | References 3
RedhatCVE
•added 2025/02/05 2:38 p.m.•13 views

CVE-2020-6109

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a...

9.8 CVSS | 7.4 AI score | 0.04914 EPSS
Exploits 1 | References 1
RedhatCVE
•added 2025/02/05 12:33 p.m.•9 views

CVE-2024-43373

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

7.8 CVSS | 7.6 AI score | 0.00447 EPSS
Exploits 1 | References 1
RedhatCVE
•added 2025/02/05 10:55 a.m.•8 views

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

8.6 CVSS | 6.7 AI score | 0.01074 EPSS
Exploits 0 | References 1
RedhatCVE
•added 2025/02/05 7:41 a.m.•3 views

CVE-2024-41973

A low-privileged remote attacker can specify an arbitrary file on the filesystem, which may lead to arbitrary file writes with root privileges...

8.1 CVSS | 7.1 AI score | 0.00605 EPSS
Exploits 0 | References 1
RedhatCVE
•added 2025/02/05 5:38 a.m.•6 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

7.7 CVSS | 6.8 AI score | 0.00617 EPSS
Exploits 0 | References 1
RedhatCVE
•added 2025/02/05 2:53 a.m.•9 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

9.8 CVSS | 9.8 AI score | 0.01501 EPSS
Exploits 1 | References 1
RedhatCVE
•added 2025/02/05 2:28 a.m.•6 views

CVE-2024-42471

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

7.5 CVSS | 7.6 AI score | 0.03037 EPSS
Exploits 4 | References 1
Mageia
•added 2025/02/04 6:56 p.m.•23 views

Updated libreoffice packages fix security vulnerabilities

Path traversal leading to arbitrary .ttf file write. CVE-2024-12425 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. CVE-2024-12426...

6.7 CVSS | 7 AI score | 0.00528 EPSS
Exploits 0 | References 5