22 matches found

EUVD
added 2026/04/10 7:30 p.m. | 0 views

EUVD-2026-21515

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble...

CVSS 7.1 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 3

NVD
added 2026/04/10 6:16 p.m. | 0 views

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

CVSS 7.1 | EPSS 0.00144
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/10 5:2 p.m. | 6 views

CVE-2026-40162 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

CVSS 7.1 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/10 12:0 a.m. | 1 views

PT-2026-32004

Name of the Vulnerable Software and Affected Versions: Bugsink versions 2.1.0. Description: A file write issue exists in Bugsink 2.1.0 within the artifact bundle assembly process. An authenticated user with a valid authentication token can write content to a filesystem location accessible to the...

CVSS 7.1 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 8

RedhatCVE
added 2026/03/26 3:11 p.m. | 2 views

CVE-2026-23481

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 6.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1

NVD
added 2026/03/23 9:17 p.m. | 0 views

CVE-2026-23481

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 6.5 | EPSS 0.0002
Exploits: 0 | References: 3

Cvelist
added 2026/03/23 8:33 p.m. | 20 views

CVE-2026-23481 Blinko: Authenticated Arbitrary File Write - saveAdditionalDevFile

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 5.3 | EPSS 0.0002
Exploits: 0 | References: 3

EUVD
added 2026/03/23 8:33 p.m. | 1 views

EUVD-2026-14531

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 5.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/23 8:33 p.m. | 1 views

CVE-2026-23481 Blinko: Authenticated Arbitrary File Write - saveAdditionalDevFile

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 5.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 3

OSV
added 2026/03/23 8:33 p.m. | 0 views

CVE-2026-23481 Blinko: Authenticated Arbitrary File Write - saveAdditionalDevFile

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 5.3 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 5

CVE
added 2026/03/23 8:33 p.m. | 3 views

CVE-2026-23481

CVE-2026-23481 affects Blinko, an AI-powered card note‑taking project. Before version 1.8.4, an authenticated user could perform an arbitrary file write via the saveAdditionalDevFile path, enabling potential tampering on the device hosting Blinko. The vulnerability is classified with CVSS v4.0 ba...

CVSS 6.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/23 8:31 p.m. | 16 views

CVE-2026-23484 Blinko: Authenticated Arbitrary File Write - saveDevPlugin

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...

CVSS 5.3 | EPSS 0.00023
Exploits: 0 | References: 1

CVE
added 2026/03/23 8:31 p.m. | 6 views

CVE-2026-23484

Blinko (AI-powered card note-taking project) is affected in versions up to 1.8.3 where the fileName parameter is not filtered, enabling path traversal to write files anywhere on the file system. The vulnerability is exploitable by authenticated users (normal user) because the interface only requi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/03/23 12:0 a.m. | 1 views

PT-2026-27204

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 5.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/08 12:0 a.m. | 2 views

N8n < 1.121.3 Arbitrary File Write

According to its banner, the version of n8n running on the remote host is after 0.123.0 and before 1.121.3. It is, therefore, affected by an authenticated arbitrary file write. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

CVSS 9.9 | AI score 7.1 | EPSS 0.10735
Exploits: 1 | References: 3

NVD
added 2025/07/21 8:15 p.m. | 4 views

CVE-2025-54071

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...

CVSS 9.4 | EPSS 0.03071
Exploits: 0 | References: 2

Cvelist
added 2025/07/21 8:9 p.m. | 8 views

CVE-2025-54071 RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...

CVSS 9.4 | EPSS 0.03071
Exploits: 0 | References: 2

Rapid7 Blog
added 2025/07/14 2:7 p.m. | 3 views

CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability...

CVSS 9.4 | AI score 10 | EPSS 0.87092
Exploits: 0

RedhatCVE
added 2025/05/23 2:16 a.m. | 5 views

CVE-2023-42248

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...

CVSS 6.5 | AI score 6.8 | EPSS 0.00144
Exploits: 0 | References: 1

Packet Storm
added 2023/05/09 12:0 a.m. | 362 views

ManageEngine ADAudit Plus Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Authenticated File Write RCE', 'Description' = %q This module exploits security issues in ManageEngine ADAudit Plus pri...

CVSS 9.8 | AI score 7.1 | EPSS 0.82671
Exploits: 3