
6765 matches found

Cvelist
added 2026/02/04 12:0 a.m., 24 views

CVE-2025-69621

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

0.00023 EPSS
Exploits: 0, References: 4

CVE
added 2026/02/04 12:0 a.m., 8 views

CVE-2025-69621

Comic Book Reader v1.0.95 is affected by an arbitrary file overwrite vulnerability in the file import process. This could allow overwriting critical internal files and potentially enable arbitrary code execution or exposure of sensitive information, as described across NVD, Red Hat, CVE lists, At...

8.1 CVSS, 6.2 AI score, 0.00023 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/02/04 12:0 a.m., 1 view

CVE-2025-69621

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.2 AI score, 0.00023 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/02/04 12:0 a.m., 2 views

CVE-2025-69621

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

6.3 AI score, 0.00023 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/02/04 12:0 a.m., 23 views

CVE-2025-69618

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...

0.0017 EPSS
Exploits: 1, References: 4

CVE
added 2026/02/04 12:0 a.m., 4 views

CVE-2025-69618

The CVE-2025-69618 entry concerns Tarot, Astro & Healing v11.4.0. A flaw in the file import process allows arbitrary file overwrite of critical internal files, potentially enabling arbitrary code execution or disclosure of sensitive information. Connected sources (e.g., Red Hat, NVD, CVE lists an...

8.1 CVSS, 6.2 AI score, 0.0017 EPSS
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2026/02/03 6:30 p.m., 3 views

FUXA contains an Unrestricted File Upload vulnerability

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

9.8 CVSS, 6 AI score, 0.00091 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/02/03 6:16 p.m., 1 view

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

9.8 CVSS, 6.2 AI score
Exploits: 0, References: 1

NVD
added 2026/02/02 4:16 p.m., 2 views

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

7.6 CVSS, 0.00019 EPSS
Exploits: 0, References: 1

Snyk
added 2026/02/02 12:31 p.m., 2 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the /3/Parse and /3/Frames/framename/export endpoints. An attacker can overwrite arbitrary files on the server, including sensitive files such as private SSH keys or script files, by injecting...

9.1 CVSS, 6.7 AI score, 0.00165 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/31 12:0 a.m., 2 views

EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2026-1202)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow...

7.8 CVSS, 5.1 AI score, 0.00105 EPSS
Exploits: 3, References: 8

RedhatCVE
added 2026/01/29 3:26 a.m., 28 views

CVE-2026-24770

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...

9.8 CVSS, 6 AI score, 0.01122 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2026/01/28 12:0 a.m., 2 views

CVE-2025-69601

A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files...

5.9 AI score, 0.00165 EPSS
Exploits: 1, References: 1

Snyk
added 2026/01/27 10:47 p.m., 2 views

Relative Path Traversal

Overview: @vltpkg/tar is an extremely limited and very fast tar extractor. Affected versions of this package are vulnerable to Relative Path Traversal via improper sanitization of file paths during the extraction process. An attacker can overwrite arbitrary files on the filesystem by crafting ta...

5.9 CVSS, 6 AI score, 0.0001 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/27 9:51 p.m., 6 views

CVE-2026-24770

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...

9.8 CVSS, 6 AI score, 0.01122 EPSS
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2026/01/27 3:23 p.m., 4 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8 CVSS, 6 AI score, 0.00022 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/01/27 12:0 a.m., 4 views

PT-2026-5027

Name of the Vulnerable Software and Affected Versions: RAGFlow versions prior to 0.23.1. Description: RAGFlow, an open-source RAG (Retrieval-Augmented Generation) engine, contains a “Zip Slip” issue in the MinerU parser. This allows an attacker to overwrite arbitrary files on the server, potentially...

9.8 CVSS, 6 AI score, 0.01122 EPSS
Exploits: 1, References: 12

CNNVD
added 2026/01/27 12:0 a.m., 4 views

RAGFlow path traversal vulnerability

RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.23.1 contained a path traversal vulnerability. This vulnerability stemmed from an arbitrary file overwrite vulnerability in the MinerU parser, which could lead to...

9.8 CVSS, 6.3 AI score, 0.01122 EPSS
Exploits: 1, References: 2

Snyk
added 2026/01/26 9:2 p.m., 1 view

Untrusted Search Path

Overview: @pnpm/fetching.binary-fetcher is a fetcher for binary archives. Affected versions of this package are vulnerable to Untrusted Search Path via the extractZipToTarget function and the use of unvalidated prefix values. An attacker can overwrite arbitrary files on the file system by supplying...

6.9 CVSS, 6 AI score, 0.0002 EPSS
Exploits: 1, References: 4

Snyk
added 2026/01/26 9:2 p.m., 1 view

Directory Traversal

Overview: @pnpm/store.cafs is a content-addressable filesystem for the packages storage. Affected versions of this package are vulnerable to Directory Traversal via improper path normalization during tarball extraction on Windows. An attacker can overwrite files outside the intended directory by...

6.5 CVSS, 6.3 AI score, 0.0002 EPSS
Exploits: 1, References: 2