1501 matches found
HPE Aruba Networking Fabric Composer security vulnerabilities
HPE Aruba Networking Fabric Composer is a network orchestration software developed by the American company HPE. HPE Aruba Networking Fabric Composer has a security vulnerability, which stems from unsafe file operations related to the backup function. This vulnerability could allow authenticated...
SUSE-SU-2026:20129-1 Security update for python-virtualenv
This update for python-virtualenv fixes the following issues: - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition bsc1256458...
open-vm-tools: Insecure file handling
A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine VM may tamper with the local files to trigger insecure file operations within that VM...
security-antipatterns-java
Security Anti-Patterns for Java AI coding agents write insecu...
PT-2026-3502
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.55.0 Description File Browser provides a file managing interface for tasks like uploading, deleting, and editing files. A flaw in the JSONAuth.Auth function allows unauthenticated attackers to identify valid...
CVE-2005-1657
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to 1 deletefolder.ctml, 2 deletemessage.ctml, 3 origmessage.ctml, or 4 readmessage.ctml, the Message.Id parameter to editmessage.ctm...
CVE-2016-10847
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath SEC-80...
CVE-2017-18648
An issue was discovered on Samsung mobile devices with KK4.4.x, L5.x, M6.x, and N7.x software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 November 2017...
CVE-2017-18388
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask SEC-315...
CVE-2020-17387
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
CVE-2026-22234
The CVE-2026-22234 issue affects OPEXUS eCasePortal (and related eComplaint) versions before 9.0.45.0, where an unauthenticated attacker can navigate to Attachments.aspx and, by iterating through predictable formid values, download or delete all user-uploaded files and even upload new ones. This ...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
PT-2026-1880
Name of the Vulnerable Software and Affected Versions fast-filesystem-mcp version 3.4.0 Description The software contains a path traversal issue in its file operation tools, including the fast read file function. This is due to insufficient path validation that does not resolve symbolic links to...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
Exploit for CVE-2024-25600
🧱 BrickBreaker !Pythonhttps://img.shields.io/badge/Pytho...