7263 matches found
Fanvil x210 Security Vulnerability
The Fanvil x210 is an IP telephony device from Fanvil. A security vulnerability exists in Fanvil x210 V2 version 2.12.20, which originates from a directory traversal, and could allow an unauthenticated attacker on the local network to store files to an arbitrary location...
PT-2025-49259
Name of the Vulnerable Software and Affected Versions zdh web versions through 5.6.17 Description zdh web is a data collection, processing, monitoring, scheduling, and management platform. Insufficient validation of file upload paths allows an authenticated user to write arbitrary files to the...
CVE-2025-8074
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the UnZip function. An attacker can write files to arbitrary locations on the filesystem by crafting archive files with malicious extraction paths. Details A Directory Traversal attack also known as path traversa...
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
GHSA-Q5HG-WPPQ-R2CC alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
EUVD-2025-201163
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
Synology BeeDrive Access Control Error Vulnerability
Synology BeeDrive is a backup and synchronization appliance from China-based Synology Inc. An access control error vulnerability exists in Synology BeeDrive, which originates from a local user being able to write to arbitrary files...
Linux Distros Unpatched Vulnerability : CVE-2025-40244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix KMSAN uninit-value issue in hfsplusextcacheextent The syzbot reported issue in hfsplusextcacheextent: 70.194323 T9350 BUG: KMSAN: uninit-value in...
CVE-2025-54307
CVE-2025-54307 affects Thermo Fisher Torrent Suite Django app 5.18.1. The vulnerable paths are /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/, where the plupload_file_upload handler constructs the destination path from an unsafe name parameter or uploaded f...
Cleo LexiCom VLTrader Harmony 5.8.0.23 Unauthenticated Arbitrary File Write
Cleo LexiCom, VLTrader, and Harmony file transfer solutions versions 5.8.0.23 and below contain an unauthenticated remote code execution vulnerability that allows attackers to write arbitrary files to the system and execute commands through the software's autorun functionality. The vulnerability...
CVE-2025-34352
CVE-2025-34352 affects JumpCloud Remote Assist for Windows prior to v0.317.0. The Windows agent’s uninstaller runs with NT AUTHORITY\SYSTEM privileges and writes/deletes in a user-writable %TEMP% subdirectory without validating trust or ACLs. An attacker who pre-creates the temp directory (with w...
CVE-2025-34352 JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...
SUSE CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Summary The fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main code path of fontTools.varLib, used by the fonttools varLib CLI and...