148 matches found

CNNVD
added 2025/04/25 12:0 a.m., 1 view

JetBrains Rider Security Vulnerability

JetBrains Rider is a cross-platform .NET integrated development environment (IDE) from the Czech company JetBrains. A security vulnerability exists in JetBrains Rider that stems from a custom archive unpacker allowing arbitrary file overwrites during a remote debugging session, which can be exploit...

7.5 CVSS, 6.9 AI score, 0.00002 EPSS
Exploits: 0, References: 3

NVD
added 2025/03/26 3:16 p.m., 14 views

CVE-2025-2819

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

6.6 CVSS, 0.00047 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/03/26 12:0 a.m., 4 views

Bizerba GT-SoftControl Security Vulnerability

Bizerba GT-SoftControl is an HMI software product from Bizerba. A security vulnerability exists in Bizerba GT-SoftControl that stems from insufficient validation of the file selection process, which could result in unauthorized file uploads and overwrites...

6.6 CVSS, 6.5 AI score, 0.00047 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/03/20 12:0 a.m., 2 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from a model export endpoint that does not restrict the export location, which could lead to arbitrary file overwrites...

7.1 CVSS, 6.8 AI score, 0.00107 EPSS
Exploits: 1, References: 1

CNNVD
added 2025/03/20 12:0 a.m., 3 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0 that stems from the exportModelDetails function not validating user-controllable parameters, which could lead to arbitrary file overwrites...

8.2 CVSS, 8.1 AI score, 0.00237 EPSS
Exploits: 1, References: 1

CVE
added 2025/03/13 7:31 a.m., 53 views

CVE-2025-1785

CVE-2025-1785 refers to a Directory Traversal flaw in the WordPress Download Manager plugin (versions

8.1 CVSS, 5.3 AI score, 0.00555 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/02/12 12:0 a.m., 1 view

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to overwrite arbitrary files via a specially crafted HTTP request...

7.2 CVSS, 6.5 AI score, 0.00471 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/01/29 11:52 a.m., 5 views

CVE-2024-54462 Unsanitized Filenames in Flutter package image_picker_android Allow File Overwrites

The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...

2.1 CVSS, 0.0002 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/01/29 11:51 a.m., 6 views

CVE-2024-54461 Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites

The file names constructed within fileselector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could...

2.1 CVSS, 0.0002 EPSS
Exploits: 0, References: 1

Snyk
added 2024/10/10 9:36 p.m., 2 views

Directory Traversal

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal via the /customcomponent endpoint. An attacker can access and leak source code from custom components by manipulating the file pa...

8.7 CVSS, 7.7 AI score, 0.00245 EPSS
Exploits: 0, References: 2

OSV
added 2024/06/13 12:15 p.m., 1 view

CVE-2024-34129

Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

CNNVD
added 2024/06/06 12:0 a.m., 3 views

Open Neural Network Exchange Path Traversal Vulnerability

Open Neural Network Exchange (ONNX) is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A path traversal vulnerability exists in Open Neural Network Exchange version 1.16.0, which stems from insufficient protection against path traversal attacks in...

8.8 CVSS, 7 AI score, 0.0261 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2024/04/27 12:0 a.m., 35 views

RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5 CVSS, 7.4 AI score, 0.26351 EPSS
Exploits: 1, References: 14

RedHat Linux
added 2024/04/23 5:18 p.m., 1 view

Hub: insecure galaxy-importer tarfile extraction

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...

6.5 CVSS, 5.8 AI score, 0.008 EPSS
Exploits: 1, References: 4

CNNVD
added 2024/03/21 12:0 a.m., 1 view

Delta Electronics DIAEnergie Path Traversal Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

8.8 CVSS, 6.6 AI score, 0.00189 EPSS
Exploits: 0, References: 2

CNNVD
added 2023/09/26 12:0 a.m., 4 views

Red Hat Ansible Automation Security Vulnerability

Red Hat Ansible Automation is a software application from Red Hat, Inc. It provides a means to automate all aspects of an infrastructure, from servers and network devices to operating systems, applications, and security. A security vulnerability exists in Red Hat Ansible Automation Hub, which ste...

6.5 CVSS, 7.1 AI score, 0.008 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2023/09/19 9:15 a.m., 3 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

9.1 CVSS, 7.6 AI score, 0.00542 EPSS
Exploits: 1, References: 3

OpenVAS
added 2023/03/08 12:0 a.m., 35 views

Debian: Security Advisory (DLA-729-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 8 AI score, 0.93802 EPSS
Exploits: 11, References: 5

Positive Technologies
added 2023/02/28 12:0 a.m., 3 views

PT-2023-20149 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS version 9.4.0.x Description: The issue is related to incorrect default permissions, allowing a local malicious user to potentially overwrite arbitrary files, which could cause a denial of service. Recommendations: For De...

7.1 CVSS, 6.8 AI score, 0.00073 EPSS
Exploits: 0, References: 4

F5 Networks
added 2023/02/21 8:2 p.m., 27 views

K46524395: Appliance mode vulnerability CVE-2019-6614

Security Advisory Description: On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented i...

6.5 CVSS, 6.6 AI score, 0.00488 EPSS
Exploits: 0