7263 matches found
GHSA-RJ4J-2JPH-GG43 LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction
Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...
CVE-2025-54347
A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions...
CVE-2025-12741 Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user...
CVE-2025-12741
CVE-2025-12741 affects Looker (Looker-hosted and Self-hosted) via Denodo driver when a Developer role user manipulates LookML to cause Looker to execute a malicious command. The Red Hat, NVD, and CVE list entries describe the vulnerability as an Arbitrary File Write in the Denodo dialect that can...
Desktop Alert PingAlert Security Vulnerability
Desktop Alert PingAlert is a network status monitoring tool from Desktop Alert USA. A security vulnerability exists in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2, which originates from a directory traversal and could result in writing to arbitrary files...
CVE-2025-54347
CVE-2025-54347 affects Desktop Alert PingAlert application server versions 6.1.0.11–6.1.1.2, with a Directory Traversal vulnerability that allows writing arbitrary files under certain conditions. The CVSS3.1 base score is 9.9 (Network, Privileges Low, User Interaction None, Scope Changed; Impact:...
Exploit for CVE-2025-11001
CVE-2025-11001 - 7-Zip High-severity symlink traversal in 7...
CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31...
Command Injection
Overview @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Command Injection due to improp...
KubeVirt Vulnerable to Arbitrary Host File Read and Write
...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in ZIP archives. An attacker can exploit this vulnerability by convincing a user to open or extract a crafted ZIP file containing malicious symlinks to unintended directories,...
EUVD-2025-198181
esm.sh CDN service has arbitrary file write via tarslip...
GHSA-H3MW-4F23-GWPW esm.sh CDN service has arbitrary file write via tarslip
Summary The esm.sh CDN service is vulnerable to a Path Traversal CWE-22 vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g., package/../../tmp/evil.js. When esm.sh downloads and extracts this package, file...
CVE-2025-51661
A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...
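The three recurring root causes in this result set are the same one: an archive entry name (the esm.sh tarslip entry `package/../../tmp/evil.js`), a symlink inside a ZIP (the Directory Traversal entry above), or a user-supplied upload filename (the FileCodeBox `savefile` entry) is joined onto a destination directory without checking where it ends up. The example below is added here and is not code from esm.sh, FileCodeBox, eKuiper or any advisory on this page; the function and sample names are illustrative. It maps every entry through one resolver that rejects absolute names and `..` segments, re-checks the resolved real path against the destination so a directory symlink planted by an earlier entry cannot redirect a later one, validates symlink targets, and reduces upload names to their final component. The two malicious archives are constructed in memory for the demonstration.

```python
import io
import os
import tarfile
import tempfile
import zipfile


class UnsafeArchiveMember(ValueError):
    """Raised for an entry that would land outside the extraction root."""


def _inside(root: str, path: str) -> bool:
    # realpath follows symlinks, so a directory symlink created by an earlier
    # entry cannot steer a later entry outside root (the classic zip/tar slip)
    root, path = os.path.realpath(root), os.path.realpath(path)
    return path == root or path.startswith(root + os.sep)


def resolve_member(dest: str, name: str) -> str:
    """Map an entry name onto dest; reject absolute names, '..' and escapes."""
    norm = name.replace("\\", "/")
    parts = [p for p in norm.split("/") if p not in ("", ".")]
    if norm.startswith("/") or os.path.isabs(norm) or ".." in parts:
        raise UnsafeArchiveMember(f"rejected entry name {name!r}")
    target = os.path.join(dest, *parts) if parts else dest
    if not _inside(dest, target):
        raise UnsafeArchiveMember(f"entry {name!r} resolves outside {dest!r}")
    return target


def check_link_target(dest: str, link_path: str, link_target: str) -> None:
    """A symlink entry may only point at something inside dest."""
    if os.path.isabs(link_target):
        raise UnsafeArchiveMember(f"absolute symlink target {link_target!r}")
    resolved = os.path.join(os.path.dirname(link_path), link_target)
    if not _inside(dest, resolved):
        raise UnsafeArchiveMember(f"symlink {link_path!r} -> {link_target!r} escapes")


def extract_tar(data: bytes, dest: str) -> list:
    """Extract a tarball, writing every member through resolve_member."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            target = resolve_member(dest, m.name)
            if m.issym():
                check_link_target(dest, target, m.linkname)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                os.symlink(m.linkname, target)
            elif m.islnk():  # hard link: linkname names another archive entry
                os.makedirs(os.path.dirname(target), exist_ok=True)
                os.link(resolve_member(dest, m.linkname), target)
            elif m.isdir():
                os.makedirs(target, exist_ok=True)
            elif m.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out, tar.extractfile(m) as src:
                    out.write(src.read())
            else:
                continue  # devices, fifos etc. are never materialised
            written.append(target)
    return written


def extract_zip(data: bytes, dest: str) -> list:
    """Same policy for ZIP; symlinks are flagged in the Unix mode bits."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = resolve_member(dest, info.filename)
            if (info.external_attr >> 16) & 0o170000 == 0o120000:  # S_IFLNK
                link_target = zf.read(info).decode()  # body is the target
                check_link_target(dest, target, link_target)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                os.symlink(link_target, target)
            elif info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(zf.read(info))
            written.append(target)
    return written


def safe_upload_name(filename: str) -> str:
    """Keep only the final path component of a user-supplied filename."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError(f"unusable upload name {filename!r}")
    return base


def build_malicious_tar() -> bytes:
    """Constructed sample: the tarslip shape from the esm.sh report."""
    buf, payload = io.BytesIO(), b"console.log('owned')\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("package/../../tmp/evil.js")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def build_symlink_zip() -> bytes:
    """Constructed sample: a symlink entry pointing outside the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("package/etc")
        info.external_attr = 0o120777 << 16  # S_IFLNK | 0777
        zf.writestr(info, "../../../etc")
        zf.writestr("package/etc/passwd", "root::0:0::/:/bin/sh\n")
    return buf.getvalue()


def build_benign_tar() -> bytes:
    """Constructed sample: an ordinary package tarball that must still work."""
    buf, payload = io.BytesIO(), b"export default 1;\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        d = tarfile.TarInfo("package")
        d.type = tarfile.DIRTYPE
        tar.addfile(d)
        f = tarfile.TarInfo("package/index.js")
        f.size = len(payload)
        tar.addfile(f, io.BytesIO(payload))
    return buf.getvalue()


def demo() -> dict:
    """Run the samples through the guards and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        for key, fn, data in (("tarslip", extract_tar, build_malicious_tar()),
                              ("zip_symlink", extract_zip, build_symlink_zip())):
            try:
                fn(data, dest)
                results[key] = "written"
            except UnsafeArchiveMember:
                results[key] = "blocked"
        written = extract_tar(build_benign_tar(), dest)
        results["benign"] = sorted(os.path.relpath(p, dest) for p in written)
    results["upload"] = safe_upload_name("../../etc/cron.d/evil")
    return results


if __name__ == "__main__":
    print(demo())
```

The realpath check in `_inside` is the part most hand-rolled extractors omit: a lexical `..` filter alone is defeated by an archive that first ships a symlink `package/out -> ../../..` and then a regular file `package/out/etc/cron.d/job`, which contains no `..` at all. Checking the symlink target at creation time and re-resolving every later path closes both halves.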