GHSA-7545-FCXQ-7J24 GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

Exploit for CVE-2025-63946

CVE-2025-63946 Tencent PC Manager EoP version: PCManager Ver...

CVE-2025-34352 JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on...

CVE-2021-45338

Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the 1 arbitrary file delete, 2 write and 3 reset security...

SeedDMS Path Traversal Vulnerability

SeedDMS formerly known as LetoDMS and MyDMS is SeedDMS enthusiasts jointly developed a set of PHP and MySql-based open source document management system . The system is mainly used to store and share documents. A directory traversal vulnerability exists in SeedDMS versions prior to 5.1.8. An...

OpenStack Image Registry Delivery Service Arbitrary File Manipulation Vulnerability

The OpenStack Image Registry Delivery Service is an OpenStack project that stores, queries, and retrieves virtual machine images. An arbitrary file manipulation vulnerability exists in OpenStack Image Registry Delivery Service versions prior to 2014.1.4, and 2014.2.x versions prior to 2014.2.2,...