2671 matches found
CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
CVE-2025-48394
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version which is available on the Eaton download center...
PT-2025-32184 · Eaton · Eaton Cli
Name of the Vulnerable Software and Affected Versions: Eaton CLI (affected versions not specified). Description: An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the command-line interface (CLI)...
CVE-2025-54136
Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...
RLSA-2025:9329 Important: perl-YAML-LibYAML security update
Kirill Simonov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability (CVE-2025-40908). For more...
PT-2025-31322 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.6; macOS versions prior to 14.7.7; macOS versions prior to 13.7.7. Description: A permissions issue was addressed with additional restrictions. A malicious app with root privileges may be able to modify the contents of...
CVE-2025-4394 Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...
gitk: Git file creation flaw
A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...
git: Git GUI can create and overwrite files for which the user has write permission
A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for which the running user has write permission. This flaw allows an attacker to modify th...
CVE-2024-10031
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...
CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 have an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
CVE-2025-53964
Removed by vendor...
PT-2025-29966 · Unknown +1 · Goldendict +1
Name of the Vulnerable Software and Affected Versions: GoldenDict versions 1.5.0 through 1.5.1. Description: GoldenDict versions 1.5.0 and 1.5.1 contain a dangerous method that allows reading and modifying files. This occurs when a user adds a crafted dictionary and then searches for any term...
SUSE SLES12 Security Update : perl-YAML-LibYAML (SUSE-SU-2025:01885-2)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:01885-2 advisory. - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified bsc1243902 Tenable has extracted the...
PT-2025-29286
Name of the Vulnerable Software and Affected Versions: Multipass versions up to and including 1.15.1. Description: Incorrect default permissions in Canonical Multipass on macOS allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daem...