147 matches found
EUVD-2022-26062
Malicious code in bioql PyPI...
EUVD-2025-8214
Malicious code in bioql PyPI...
MONAI Path Traversal Vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A path traversal vulnerability exists in MONAI 1.5.0 and earlier versions, which stems from improper handling of the extractall function and can lead to system file overwrites...
Linenoise Security Vulnerability
Linenoise is an application by the individual developer Salvatore Sanfilippo. A security vulnerability exists in Linenoise that stems from a race condition on history paths that could lead to arbitrary file overwrites and permission changes...
CLSA-2025-1754941200 openssh: Fix of 3 CVEs
CVE-2018-20685: fix a vulnerability in the scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...
CLSA-2025-1754940060 Fix CVE(s): CVE-2025-27613, CVE-2025-27614, CVE-2025-46835
SECURITY UPDATE: multiple vulnerabilities in Gitk and Git GUI - debian/patches/CVE-2025-27614CVE-2025-27613CVE-2025-46835.patch: Prevent script execution via specially crafted filenames in Gitk. Sanitize filename handling to avoid unintended file creation/truncation. Validate directory names in G...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
CBL Mariner 2.0 Security Update: vim (CVE-2025-53905)
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53905 advisory. - Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's...
Traefik Security Vulnerability
Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 2.11.27 and earlier, 3.0.0 through 3.4.4, and 3.5.0-rc1, which stems from a path traversal in the WASM plugin installation mechanism that could lead to...
CVE-2025-54386 Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution
Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in Traefik's WASM plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...
K000152678: BusyBox vulnerability CVE-2025-46394
Security Advisory Description: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. CVE-2025-46394. Impact: An attacker could exploit this vulnerability by creating a TAR archive containing malicious files with names...
CVE-2025-46835
A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for which the running user has write permission. This flaw allows an attacker to modify th...
RaspAP Security Vulnerability
RaspAP is an open source application for simple wireless AP setup and management on Debian-based devices. A security vulnerability exists in RaspAP version 3.3.1, which originates from a directory traversal and could lead to arbitrary file overwrites...
Streamline NX Client 3.5.0 < 3.243.0 Multiple Vulnerabilities (2025-000004 / 2025-000005)
The version of Streamline NX Client installed on the remote host is between 3.5.0 and 3.243.0. It is, therefore, affected by a vulnerability as referenced in the 2025-000004 and 2025-000005 advisories: - External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versio...
CVE-2025-32799
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...
PT-2025-25400 · Ricoh · Ricoh Streamline Nx V3 Pc Client
Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0 Description: An issue exists where an attacker can control file names or paths, allowing arbitrary files in the file system to be overwritten with log data if a specially crafted...
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
JetBrains Rider Security Vulnerability
JetBrains Rider is a cross-platform .NET integrated development environment (IDE) from the Czech company JetBrains. A security vulnerability exists in JetBrains Rider that stems from a custom archive unpacker allowing arbitrary file overwrites during a remote debugging session, which can be exploit...