2671 matches found

Amazon
added 2025/04/01 12:0 a.m. | 1 views

Medium: ansible-core

Issue Overview: A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home director...

CVSS 6.3 | AI score 7.5 | EPSS 0.00029 | Exploits: 0

Amazon
added 2025/04/01 12:0 a.m. | 3 views

Medium: ansible-core

Issue Overview: A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home director...

CVSS 6.3 | AI score 6.7 | EPSS 0.00029 | Exploits: 0

Snyk
added 2025/03/31 12:30 a.m. | 1 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal through the rendermav function. An attacker can access or modify files on the server by manipulating the input to traverse outside the intended directory structure. Remediation: Upgrade org.noear:solon-view-beetl ...

CVSS 5.3 | AI score 4.9 | EPSS 0.005 | Exploits: 0 | References: 2

Github Security Blog
added 2025/03/28 2:45 p.m. | 9 views

github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impact: A malicious user could feed a specially crafted archive to this library causing RCE, modification of files or other bad things in the context of whatever user is running this library as, through the program that imports it. The severity highly depends on the user's permissions and...

CVSS 6 | AI score 6.9 | EPSS 0.00097 | Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/03/28 9:15 a.m. | 4 views

CVE-2025-27726

Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a...

CVSS 2.1 | EPSS 0.00155 | Exploits: 0 | References: 2

Imperva Blog
added 2025/03/20 7:27 a.m. | 21 views

Imperva Protects Against Apache Tomcat Deserialization Vulnerability

Overview: A newly disclosed vulnerability, CVE-2025-24813, affecting Apache Tomcat, has been identified as a high-risk path equivalence vulnerability that allows attackers to manipulate filenames with internal dots (.) under specific conditions, leading to unauthorized file access, modification, and...

CVSS 9.8 | AI score 7.8 | EPSS 0.9413 | Exploits: 45

BDU FSTEC
added 2025/03/18 12:0 a.m. | 2 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to the use of files and directories accessible to external parties, allows a perpetrator to delete or modify any files they desire.

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow attackers to delete or modify any arbitrary file...

CVSS 6.2 | AI score 5.6 | EPSS 0.00096 | Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/03/18 12:0 a.m. | 2 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation, related to the use of files and directories accessible to external parties, allows a perpetrator to delete or modify any files they desire.

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow attackers to delete or modify any arbitrary file...

CVSS 6.8 | AI score 5.6 | EPSS 0.00051 | Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2018-20482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service infinite read...

CVSS 4.7 | AI score 6.1 | EPSS 0.0002 | Exploits: 1 | References: 2

Vulnrichment
added 2025/02/19 4:46 p.m. | 7 views

CVE-2025-24965 .krun_config.json symlink attack creates or overwrites file on the host in crun

crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current...

CVSS 8.5 | AI score 7 | EPSS 0.00221 | Exploits: 0 | References: 3

RedhatCVE
added 2025/02/13 7:9 p.m. | 9 views

CVE-2025-24406

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | AI score 6.1 | EPSS 0.00235 | Exploits: 0 | References: 3

OSV
added 2025/02/11 6:31 p.m. | 6 views

GHSA-954P-FF72-327W Adobe Commerce Path Traversal

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | AI score 6 | EPSS 0.00235 | Exploits: 0 | References: 3

Github Security Blog
added 2025/02/11 6:31 p.m. | 15 views

Adobe Commerce Path Traversal

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | AI score 6 | EPSS 0.00235 | Exploits: 0 | References: 3 | Affected Software: 2

NVD
added 2025/02/11 6:15 p.m. | 10 views

CVE-2025-24406

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | EPSS 0.00235 | Exploits: 0 | References: 1

OSV
added 2025/02/11 6:15 p.m. | 4 views

CVE-2025-24406

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | AI score 6 | Exploits: 0 | References: 1

Vulnrichment
added 2025/02/11 5:37 p.m. | 18 views

CVE-2025-24406 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | AI score 6.1 | EPSS 0.00235 | Exploits: 0 | References: 1

Cvelist
added 2025/02/11 5:37 p.m. | 18 views

CVE-2025-24406 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this...

CVSS 7.5 | EPSS 0.00235 | Exploits: 0 | References: 1

CVE
added 2025/02/11 5:37 p.m. | 133 views

CVE-2025-24406

CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...

CVSS 7.5 | AI score 6.1 | EPSS 0.00235 | Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/02/05 8:16 p.m. | 6 views

CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device...

CVSS 8.8 | AI score 6.7 | EPSS 0.01126 | Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:37 p.m. | 11 views

CVE-2020-6293

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

CVSS 7.3 | AI score 7 | EPSS 0.0031 | Exploits: 0 | References: 1