CVE-2025-62511 yt-grabber-tui local arbitrary file overwrite via TOCTOU race in config file creation

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...

EUVD-2021-1856

Malware in sbrugna...

RockyLinux 9 : socat (RLSA-2025:10353)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:10353 advisory. socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 Tenable has extracted the preceding description block directly from the RockyLinux...

CVE-2025-9810 TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...

PT-2025-33669 · Copier · Copier

Name of the Vulnerable Software and Affected Versions: Copier versions 7.1.0 through 9.9.0 Description: Copier, a library and CLI application for rendering project templates, allows for the potential to write files outside the intended destination path when rendering a generated directory structu...

GO-2025-3835 Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik...

SuperAGI 路径遍历漏洞

SuperAGI is an open source infrastructure application from SuperAGI Open Source. for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version 0.0.14, which stems from an arbitrary file overwrite vulnerability in...

DEBIAN-CVE-2025-53906

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...

Unspecified Vulnerability in Tenable Nessus

Tenable Nessus is a network vulnerability scanning tool developed by Tenable, Inc. to detect security vulnerabilities in networks and provide recommendations for fixing them. Tenable Nessus has a security vulnerability that can be exploited by an attacker to overwrite arbitrary local system files...

CVE-2021-35958

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.getfile is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.getfile is not intended for untrusted archives...

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability...

Security update for rsync

This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...

hornetq-core-client: Arbitrarily overwrite files or access sensitive information

A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...

Security update for socat

This update for socat fixes the following issues: CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory bsc1225462 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...

CVE-2024-51127

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information...

PT-2024-27464 · Cvat · Cvat

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions 2.2.0 through 2.14.3 Description: The issue allows an attacker to initiate a dataset export or a backup from a project, task, or job that the victim user has permission to export into a cloud...

CVE-2024-21626

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...

CVE-2023-39107

An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks...

SUSE CVE-2002-0399

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a 1 "/.." or 2 "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...