YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

esm.sh <= v136 - Arbitrary File Write via Path Traversal

esm.sh = 136 contains a path traversal caused by improper canonicalization of the X-Zone-Id HTTP header, letting attackers write files outside the intended storage directory, exploit requires crafted header input. id: CVE-2025-59342 info: name: esm.sh = v136 - Arbitrary File Write via Path...

GL.iNet <= 4.3.7 - Arbitrary File Write

GL.iNet = 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files. id: CVE-2023-46455 info: name: GL.iNet = 4.3.7 - Arbitrary File Write author: Zierax severity: high description: | GL.iNet = 4.3.7 is vulnerable to an arbitrary file write...

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

Plenti < v0.7.2 - OS Command Injection

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

CVE-2026-49340

gonic is a music streaming server / Subsonic API implementation. Before v0.21.0, a logic error in ServeCreateOrUpdatePlaylist lets any authenticated Subsonic user, including non-admins, write playlist M3U content to an attacker-controlled absolute filesystem path on the host and create intermedia...

CVE-2026-49290 Slopsmith has path traversal in archive extractors that allows arbitrary file write → potential RCE

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

symfony/ux-toolkit Path Traversal allows arbitrary file write and read via crafted recipe manifest

Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...

CVE-2026-54414

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

CVE-2026-54414 FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

CVE-2026-54414

CVE-2026-54414 affects FileRise prior to 3.16.0. The vulnerability is a path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php) that enables arbitrary file write and, under certain conditions, administrator account takeover. Root cause: uploaded filenames are va...

CVE-2026-56078 PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

CVE-2026-56078

CVE-2026-56078 affects PraisonAI prior to 1.5.115, specifically a path traversal vulnerability in the MultiAgentMonitor component. The issue arises because agent IDs are not properly sanitized when building file paths, allowing an attacker to inject traversal sequences (e.g., ../) to access arbit...

CVE-2026-48716 nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes th...

CVE-2026-48716

CVE-2026-48716 involves nanobot prior to version 0.1.5.post4, where the WhatsApp bridge (bridge/src/whatsapp.ts) constructs a filesystem path from documentMessage.fileName without sanitization. The code concatenates a prefix with the raw fileName and passes it to path.join(mediaDir, outFilename),...

EUVD-2026-37818

BBOT: Arbitrary File Write in postmandownload Module...

CVE-2025-52465

GeoServer has an arbitrary file write vulnerability (CVE-2025-52465) in the Master Password Dump page. Before versions 2.26.4 and 2.27.3, an authenticated administrator with access to GeoServer’s security system can pass an absolute path as the target file name to the Master Password Dump page, c...

Palo Alto Networks Cortex XSOAR 8.10.x < 8.13.0.11 Path Traversal

According to its self-reported version, the Palo Alto Networks Cortex XSOAR application installed on the remote Linux host is affected by a path traversal vulnerability: - A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated...