973 matches found

EUVD
added 2026/01/07 3:30 a.m. | 2 views

EUVD-2025-206254

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

CVSS 6.7 | AI score 6.5 | EPSS 0.00013
Exploits: 0 | References: 2
NVD
added 2026/01/07 2:3 a.m. | 3 views

CVE-2025-14612

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

CVSS 6.7 | EPSS 0.00013
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/06 9:24 p.m. | 2 views

CVE-2025-14612 Quartus Prime Pro Edition Advisory

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

CVSS 6.7 | AI score 6.6 | EPSS 0.00013
Exploits: 0 | References: 1
Cvelist
added 2026/01/06 9:24 p.m. | 27 views

CVE-2025-14612 Quartus Prime Pro Edition Advisory

Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1...

CVSS 6.7 | EPSS 0.00013
Exploits: 0 | References: 1
NVD
added 2026/01/02 4:17 p.m. | 2 views

CVE-2025-62842

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...

CVSS 7.8 | EPSS 0.00017
Exploits: 0 | References: 1
CNNVD
added 2026/01/02 12:0 a.m. | 2 views

QNAP Systems HBS 3 Hybrid Backup Sync security vulnerability

QNAP Systems HBS 3 Hybrid Backup Sync is a backup and synchronization tool from QNAP Systems Taiwan, China. A security vulnerability exists in QNAP Systems HBS 3 Hybrid Backup Sync that originates from external control of file names or paths, which could result in reading or modifying files or...

CVSS 7.8 | AI score 6.7 | EPSS 0.00017
Exploits: 0 | References: 2
OSV
added 2025/12/19 5:11 p.m. | 2 views

CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

CVSS 5.3 | AI score 6.5 | EPSS 0.00062
Exploits: 0 | References: 4
CNNVD
added 2025/12/18 12:0 a.m. | 1 views

WordPress plugin Farm Agrico security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.1 | AI score 6.6 | EPSS 0.00226
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/17 6:2 p.m. | 3 views

CVE-2025-33225

NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tamperi...

CVSS 8.4 | AI score 7.1 | EPSS 0.00111
Exploits: 0 | References: 1
EUVD
added 2025/12/16 12:10 a.m. | 3 views

EUVD-2025-203483

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user-supplied data without doi...

CVSS 8.8 | AI score 7.1 | EPSS 0.00156
Exploits: 1 | References: 3
CNNVD
added 2025/12/16 12:0 a.m. | 2 views

NVIDIA Resiliency Extension security vulnerability

NVIDIA Resiliency Extension is a Python package from NVIDIA. A security vulnerability exists in NVIDIA Resiliency Extension that originates from predictable log file names in log aggregation and could lead to elevation of privilege, code execution, denial of service, information disclosure, and...

CVSS 8.4 | AI score 6.6 | EPSS 0.00111
Exploits: 0 | References: 3
OSV
added 2025/12/11 1:25 a.m. | 2 views

CVE-2025-67720 Pyrofork has a Path Traversal in download_media Method

Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename...

CVSS 6.5 | AI score 6.6 | EPSS 0.00048
Exploits: 0 | References: 4
Cvelist
added 2025/12/11 12:0 a.m. | 24 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

EPSS 0.00125
Exploits: 1 | References: 2
RedhatCVE
added 2025/12/05 4:36 a.m. | 3 views

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.9 | EPSS 0.0005
Exploits: 0 | References: 1
NVD
added 2025/12/04 5:16 a.m. | 2 views

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.0005
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/04 4:29 a.m. | 2 views

CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.5 | EPSS 0.0005
Exploits: 0 | References: 3
Cvelist
added 2025/12/04 4:29 a.m. | 18 views

CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3 | EPSS 0.0005
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49003

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.9 | EPSS 0.0005
Exploits: 0 | References: 3
Github Security Blog
added 2025/11/24 11:31 p.m. | 5 views

LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction

Summary: Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...

AI score 7
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/11/24 11:31 p.m. | 1 views

EUVD-2025-199103

LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction...

AI score 6.4
Exploits: 0 | References: 4