6765 matches found
CLSA-2025-1762449077 Fix CVE(s): CVE-2023-30630
SECURITY UPDATE: Overwrite a local file - debian/patches/CVE-2023-30630.patch: Prevent --dump-bin from overwriting local files to address privilege escalation vulnerability - CVE-2023-30630...
CVE-2025-64108
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected fil...
PT-2026-22403
Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.0.16 Docker Desktop versions prior to 4.61.0 when Model Runner is enabled Description Docker Model Runner is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expo...
CVE-2025-64108
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected fil...
CVE-2025-64108
Cursor is an AI-assisted code editor with a vulnerability in versions 1.7.44 and below. The issue arises from NTFS path quirks that permit a prompt-injection attacker to bypass file protections and overwrite files that normally require human approval. Modifications to protected files can lead to ...
CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows
Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...
PT-2025-45062
Name of the Vulnerable Software and Affected Versions Cursor versions 1.7.44 and below Description Cursor, a code editor for programming with AI, has an issue where NTFS path quirks can be exploited by an attacker to bypass file protections and overwrite files that normally require user...
JLSEC-2025-197 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...
SUSE CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Arbitrary File Upload
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Arbitrary File Upload via the HTML editor provider. An attacker can overwrite existing files and potentially deface a website or...
CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...
UBUNTU-CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
GHSA-GV8H-7V7W-R22Q Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
EulerOS 2.0 SP13 : git (EulerOS-SA-2025-2256)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command...
EulerOS 2.0 SP13 : vim (EulerOS-SA-2025-2314)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vims tar.vim plugin can allow overwriting of...
TencentOS Server 3: container-tools:rhel8 (TSSA-2025:0821)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0821 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2025-34935
yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...
CVE-2025-62511 yt-grabber-tui local arbitrary file overwrite via TOCTOU race in config file creation
yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...
CVE-2025-62511 yt-grabber-tui local arbitrary file overwrite via TOCTOU race in config file creation
yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use TOCTOU race condition CWE-367 in the creation of the default configuration file config.json. In version 1.0, loadjsonsettings in...