6819 matches found
CVE-2025-32779
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...
CVE-2025-3294
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...
CVE-2025-3294
CVE-2025-3294 affects the WordPress WP Editor plugin up to version 1.2.9.1. The issue is an authenticated directory-traversal flaw (no proper file path validation) that can enable an attacker with Administrator-level access and above to overwrite arbitrary server files, potentially enabling remot...
WordPress plugin WP Editor Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2025-32817
An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows 32 and 64 bit client results in unauthorized file overwrite, potentially leading to denial of service or file corruption...
CVE-2025-32817
CVE-2025-32817 is an "Improper Link Resolution" (CWE-59) vulnerability in the SonicWall Connect Tunnel Windows client (32/64 bit). The connected documents confirm the root cause as improper link resolution that may allow unauthorized file overwrite, potentially causing denial of service or file c...
SonicWall Connect Tunnel Windows Client Improper Link Resolution Vulnerability
An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows 32 and 64 bit Client results in unauthorized file overwrite, potentially leading to denial of service or file corruption. CVE: CVE-2025-32817. Last updated: April 16, 2025, 12:30 p.m...
SonicWALL Connect Tunnel Security Vulnerability
SonicWALL Connect Tunnel is a remote software from SonicWALL USA. A security vulnerability exists in SonicWALL Connect Tunnel that stems from improper link resolution, which could result in file overwriting or denial of service...
PT-2025-16879 · Sonicwall · Sonicwall Connect Tunnel
Name of the Vulnerable Software and Affected Versions: SonicWall Connect Tunnel Windows client (affected versions not specified). Description: The issue is related to an Improper Link Resolution vulnerability, which can result in unauthorized file overwrite. This potentially leads to denial of servi...
CVE-2025-32779 labsai/eddi Vulnerable to Path Traversal (Zip Slip) in ZIP Import Function
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the /backup/import API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability...
Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Bridge (CVE-2024-45672)
Summary: A security vulnerability has been addressed in IBM Security Verify Bridge. Vulnerability Details: CVEID: CVE-2024-45672. DESCRIPTION: IBM Security Verify Bridge could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a...
mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File
A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the...
CVE-2025-3445
A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using the...
CVE-2025-3445
CVE-2025-3445 (Zip Slip in mholt/archiver, Go): A crafted ZIP can cause path traversal during archiver.Unarchive(zipFile, outputDir), permitting write/overwrite of files with the app’s privileges. This can lead to privilege escalation or code execution in affected setups. The advisory notes a TA...
PT-2025-16188 · Unknown · Mholt/Archiver
Name of the Vulnerable Software and Affected Versions: mholt/archiver (affected versions not specified). Description: A Path Traversal "Zip Slip" vulnerability has been identified in the mholt/archiver library in Go. This issue allows an attacker to use a crafted ZIP file containing path...
archives Path Traversal Vulnerability
archives is a cross-platform, multi-format Go library by the individual developer Matt Holt in France. A path traversal vulnerability exists in archives, which stems from a path traversal attack that could lead to arbitrary file overwrites...