
6797 matches found

GithubExploit
added 2025/08/11 8:47 a.m., 263 views

Exploit for Link Following in 7-Zip

CVE-2025-55188-7z-exploit --- 7-Zip Symlink Arbitrary File...

CVSS 3.6, AI score 8, EPSS 0.00157
Exploits: 2

Tenable Nessus
added 2025/08/07 12:00 a.m., 6 views

Azure Linux 3.0 Security Update: vim (CVE-2025-53906)

The version of vim installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53906 advisory. - Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's...

CVSS 4.1, AI score 7.1, EPSS 0.00072
Exploits: 1, References: 2

OSV
added 2025/08/05 5:00 p.m., 3 views

CLSA-2025-1754413251 git: Fix of 2 CVEs

CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...

CVSS 8.6, AI score 7.5, EPSS 0.00029
Exploits: 0, References: 1

OSV
added 2025/08/05 4:59 p.m., 4 views

CLSA-2025-1754413156 git: Fix of 2 CVEs

CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...

CVSS 8.6, AI score 7.5, EPSS 0.00029
Exploits: 0, References: 1

Vulnrichment
added 2025/08/05 12:06 a.m., 2 views

CVE-2025-54802 pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution RCE. The addcrypted...

CVSS 9.8, AI score 8.3, EPSS 0.02893
Exploits: 1, References: 3

RedhatCVE
added 2025/08/04 11:30 a.m., 5 views

CVE-2025-54386

A flaw was found in Traefik's plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector. Mitigation Mitigation for this issue is either not...

CVSS 7.3, AI score 6.8, EPSS 0.03359
Exploits: 0, References: 9

BDU FSTEC
added 2025/08/04 12:00 a.m., 1 views

The vulnerability in the Git GUI graphical user interface relates to the insertion or modification of arguments, allowing attackers to create or overwrite arbitrary files.

The vulnerability of the Git GUI graphical user interface is related to the implementation or modification of arguments. Exploiting this vulnerability allows an attacker to create or overwrite arbitrary files...

CVSS 8.5, AI score 7.4, EPSS 0.00029
Exploits: 0, References: 10, Affected Software: 5

Positive Technologies
added 2025/08/04 12:00 a.m., 4 views

PT-2025-31885 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.5.0b3.dev89 and below Description: pyLoad is a free and open-source Download Manager written in pure Python. A path traversal vulnerability exists in the pyLoad-ng CNL Blueprint via the package parameter, allowing arbitrary...

CVSS 9.8, AI score 8.4, EPSS 0.02893
Exploits: 1, References: 12

RedhatCVE
added 2025/08/02 8:22 p.m., 4 views

CVE-2025-54433

Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...

CVSS 7.2, AI score 6.2, EPSS 0.01008
Exploits: 0, References: 1

AlpineLinux
added 2025/08/02 12:15 a.m., 4 views

CVE-2025-54386

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

CVSS 9.8, AI score 8.3, EPSS 0.03359
Exploits: 0, References: 6

NVD
added 2025/08/02 12:15 a.m., 8 views

CVE-2025-54386

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

CVSS 9.8, EPSS 0.03359
Exploits: 0, References: 6

CVE
added 2025/08/01 11:32 p.m., 28 views

CVE-2025-54386

Traefik vulnerability CVE-2025-54386: a path traversal flaw in WASM Traefik’s plugin installation enables overwriting arbitrary files outside the plugin directory via crafted ZIP archives containing "../" sequences. Affected versions: 2.11.27 and earlier; 3.0.0–3.4.4; 3.5.0-rc1. Impact includes r...

CVSS 9.8, AI score 8.2, EPSS 0.03359
Exploits: 0, References: 6, Affected Software: 1

Vulnrichment
added 2025/08/01 11:32 p.m., 2 views

CVE-2025-54386 Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

CVSS 7.3, AI score 8.2, EPSS 0.03359
Exploits: 0, References: 6

OSV
added 2025/08/01 11:32 p.m., 3 views

CVE-2025-54386 Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

CVSS 7.3, AI score 7.9, EPSS 0.03359
Exploits: 0, References: 8

Github Security Blog
added 2025/08/01 6:08 p.m., 8 views

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Summary A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...

CVSS 9.8, AI score 7.9, EPSS 0.03359
Exploits: 0, References: 8, Affected Software: 2

OSV
added 2025/08/01 6:08 p.m., 3 views

GHSA-Q6GG-9F92-R9WG Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Summary A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...

CVSS 7.3, AI score 7.8, EPSS 0.03359
Exploits: 0, References: 8

Positive Technologies
added 2025/08/01 12:00 a.m., 3 views

PT-2025-31705

Name of the Vulnerable Software and Affected Versions Traefik versions 2.11.27 and below Traefik versions 3.0.0 through 3.4.4 Traefik version 3.5.0-rc1 Description Traefik is an HTTP reverse proxy and load balancer. A path traversal vulnerability exists in the WASM Traefik’s plugin installation...

CVSS 9.8, AI score 7.8, EPSS 0.03359
Exploits: 0, References: 20

OSV
added 2025/07/31 8:15 a.m., 0 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

CVSS 6.5, AI score 5.7
Exploits: 0, References: 2

NVD
added 2025/07/31 8:15 a.m., 7 views

CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user...

CVSS 6.5, EPSS 0.00202
Exploits: 0, References: 2

CVE
added 2025/07/31 7:24 a.m., 16 views

CVE-2025-41396

PowerCMS (Alfasado PowerCMS) is affected by CVE-2025-41396 due to a path traversal vulnerability in the file-upload feature. The root cause allows a product user to overwrite arbitrary files on the system. Affected versions are multiple PowerCMS releases; impact is arbitrary file overwrite, with ...

CVSS 6.5, AI score 6.6, EPSS 0.00202
Exploits: 0, References: 2, Affected Software: 1