CVE-2025-68920

C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of file paths in the Downloader integration. An attacker can access arbitrary files on the system by supplying crafted path traversal sequences. Details A Directory Traversal attack also known...

Apache Struts 2.0.0 < 2.3.18 multiple vulnerabilities - Remote command execution and arbitrary file overwrite, Strict DMI does not work correctly(S2-008)

The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by multiple vulnerabilities as referenced in the S2-008 advisory. - The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during...

Langflow 安全漏洞

Langflow is a visualization framework for building multi-agent and RAG applications from the Langflow open source. A security vulnerability exists in Langflow versions prior to 1.7.0 that stems from a failure to restrict or normalize file paths, which could lead to arbitrary file creation or...

EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2025-2568)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vims tar.vim plugin can allow...

Arbitrary Argument Injection

Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Arbitrary Argument Injection via the gitdiff and gitcheckout functions. An attacker can...

GHSA-9XWC-HFWC-8W59 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.17, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

CVE-2025-68144

CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...

PT-2025-51937

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description The git diff and git checkout functions in mcp-server-git did not properly sanitize user-supplied arguments before passing them to git CLI commands. Specifically, flag-like values, such a...

PT-2025-53381

Name of the Vulnerable Software and Affected Versions C-Kermit versions through 10.0 Beta.12 aka 416-beta12 before 244644d Description A remote Kermit system can overwrite files on the local system or retrieve arbitrary files from the local system. Recommendations Update to a version later than...

Honeywell Multiple Industrial Printers Improper Privilege Management (CVE-2017-5671)

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriti...

GO-2025-4221 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel

SiYuan: ZipSlip - Arbitrary File Overwrite - RCE in github.com/siyuan-note/siyuan/kernel...

Directory Traversal

org.craftercms, crafter-studio is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs, which allows an unauthenticated attacker to overwrite arbitrary files on the operating system via crafted path traversal sequences, potentially leading to Remo...

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

EUVD-2025-203095

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVE-2025-65530

CVE-2025-65530 describes an eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit, affecting versions prior to 32.7.4. The vulnerability enables attackers to overwrite arbitrary files as root by scanning a crafted file, as stated in Red Hat, ENISA, NVD, CIRCL, CVE List, and...