68 matches found
CVE-2026-28269
Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
CVE-2026-26362
Dell Unisphere for PowerMax, versions 10.2, contains a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files...
PT-2026-20757
Dell Unisphere for PowerMax, versions 10.2, contains a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files...
CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
UBUNTU-CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
Unspecified vulnerability in HCL AION (CNVD-2026-16399)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause modification of critical system files...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause modification of critical system files...
CVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
EUVD-2025-199678
Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...
EUVD-2002-0353
Malware in sbrugna...
EUVD-2023-30889
Malicious code in bioql PyPI...
CVE-2024-46916
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file. This can allow code execution and, ...
PT-2025-35242
Name of the Vulnerable Software and Affected Versions: Diebold Nixdorf Vynamic Security Suite versions through 4.3.0 SR06 Description: The software contains functionality that allows the removal of critical system files before the filesystem is properly mounted, such as using a delete call in...
GHSA-227R-W5J2-6243 InvokeAI Arbitrary File Deletion vulnerability
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
InvokeAI Arbitrary File Deletion vulnerability
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
CVE-2024-11042
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...
CVE-2024-11042
CVE-2024-11042 affects invoke-ai/invokeai v5.0.2. The web API endpoint POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion , enabling an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration files), potentially compromising integrity and availa...
CVE-2025-20119
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is du...