CVE-2024-55459
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...
CVE-2024-12425 Path traversal leading to arbitrary .ttf file write
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font...
CVE-2024-12425
CVE-2024-12425 concerns LibreOffice: an improper path traversal in the Document Foundation implementation allows an attacker to write to arbitrary locations (output filenames are suffixed with .ttf) by supplying a file that contains embedded font data. Affected versions are LibreOffice 24.8 and earlier than ...
CVE-2024-56514 Karmada Tar Slips in CRDs archive extraction
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPS URL to retrieve the custom resourc...
PT-2025-54482
Vulnerable software and affected versions: GNU Wget2 (affected versions not specified). Description: GNU Wget2 contains a path traversal flaw when processing Metalink documents. The application does not properly validate file paths within the elements of Metalink v3/v4 documents. This allo...
PT-2025-54483
Vulnerable software and affected versions: GNU Wget2 (affected versions not specified). Description: A stack-based buffer overflow exists in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote...
CVE-2024-55947
Gogs, a self-hosted Git service, is affected up to version 0.13.3. CVE-2024-55947 enables path traversal via the PutContents API, allowing files to be written to arbitrary server paths and potentially granting SSH access. The issue is fixed in 0.13.1; later advisories (CNAs) discuss bypass attempts and continued scrut...
Arbitrary File Write
Luigi is vulnerable to Arbitrary File Write. The vulnerability is due to improper destination file path validation in the extractpackagesarchive function, which allows attackers to craft malicious archive files with paths that traverse outside the intended extraction directory...
CVE-2024-12832
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this...
CVE-2024-12832
Arista NG Firewall vulnerability CVE-2024-12832: ReportEntry allows SQL injection due to insufficient validation of a user-supplied string used to build queries, enabling arbitrary file read/write and potential code execution as the www-data user. Authentication is required; no concrete fix/version info...
SUSE CVE-2024-55659
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...
Directory Traversal
Overview: pghoard is a PostgreSQL automatic backup/restore service daemon. Affected versions of this package are vulnerable to Directory Traversal that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard. Note: Depending on the permissions/privileges assign...
Arbitrary File Write
github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of the /api/asset/upload endpoint, which allows arbitrary file writing to the host and enables stored cross-site scripting via the file upload mechanism...
CVE-2024-12687
Deserialization of Untrusted Data vulnerability in PlexTrac Runbooks modules which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...