Lucene search
K

101 matches found

EUVD
EUVD
added 2025/11/26 12:50 a.m.4 views

EUVD-2025-199671

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive...

9.3CVSS6.9AI score0.01246EPSS
Exploits1References2
NVD
NVD
added 2025/10/17 8:15 p.m.7 views

CVE-2025-62511

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...

6.3CVSS0.00101EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/17 7:55 p.m.4 views

CVE-2025-62511 yt-grabber-tui local arbitrary file overwrite via TOCTOU race in config file creation

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...

6.3CVSS6.2AI score0.00101EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/17 7:55 p.m.7 views

EUVD-2025-34935

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...

6.3CVSS6AI score0.00101EPSS
Exploits0References2
CVE
CVE
added 2025/10/17 7:55 p.m.13 views

CVE-2025-62511

CVE-2025-62511 concerns yt-grabber-tui (C++ TUI app for YouTube downloads). In version 1.0, the loader (Settings.hpp: load_json_settings) checks for config.json with boost::filesystem::exists and, if missing, writes a default configuration via boost::property_tree::write_json. A local attacker wi...

6.3CVSS6.2AI score0.00101EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1856

Malware in sbrugna...

8.2CVSS7AI score0.07795EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.5 views

RockyLinux 9 : socat (RLSA-2025:10353)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:10353 advisory. socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 Tenable has extracted the preceding description block directly from the RockyLinux...

9.8CVSS7.1AI score0.00794EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/01 7:3 p.m.10 views

CVE-2025-9810 TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...

6.8CVSS0.00099EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.4 views

PT-2025-33669

Name of the Vulnerable Software and Affected Versions: Copier versions 7.1.0 through 9.9.0 Description: Copier, a library and CLI application for rendering project templates, allows for the potential to write files outside the intended destination path when rendering a generated directory structu...

6.9CVSS6.1AI score0.00244EPSS
Exploits0References13
OSV
OSV
added 2025/08/11 5:24 p.m.3 views

GO-2025-3835 Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik...

9.8CVSS7.9AI score0.01071EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.4 views

SuperAGI 路径遍历漏洞

SuperAGI is an open source infrastructure application from SuperAGI Open Source. for building components, tools, frameworks, and models to implement open source AGI. A security vulnerability exists in SuperAGI version 0.0.14, which stems from an arbitrary file overwrite vulnerability in...

5CVSS6.7AI score0.00782EPSS
Exploits1References5
OSV
OSV
added 2025/07/15 9:15 p.m.1 views

DEBIAN-CVE-2025-53906

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...

4.1CVSS6.7AI score0.00731EPSS
Exploits1References1
CNVD
CNVD
added 2025/07/04 12:0 a.m.4 views

Unspecified Vulnerability in Tenable Nessus

Tenable Nessus is a network vulnerability scanning tool developed by Tenable, Inc. to detect security vulnerabilities in networks and provide recommendations for fixing them. Tenable Nessus has a security vulnerability that can be exploited by an attacker to overwrite arbitrary local system files...

8.4CVSS6.9AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.5 views

CVE-2021-35958

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.getfile is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.getfile is not intended for untrusted archives...

9.1CVSS7.3AI score0.01864EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.8 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5CVSS7AI score0.01702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:36 a.m.6 views

CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability...

6.3CVSS7.3AI score0.00422EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/01/17 11:59 a.m.3 views

Security update for rsync

This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...

8.8CVSS7.4AI score0.09353EPSS
Exploits4References22
RedHat Linux
RedHat Linux
added 2024/12/19 12:52 p.m.4 views

hornetq-core-client: Arbitrarily overwrite files or access sensitive information

A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...

9.1CVSS5.7AI score0.0067EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2024/12/12 8:51 a.m.2 views

Security update for socat

This update for socat fixes the following issues: CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory bsc1225462 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...

5CVSS6.1AI score0.00794EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.1 views

CVE-2024-51127

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information...

5.4AI score0.0067EPSS
Exploits1References2
Rows per page
Query Builder