7263 matches found
CVE-2025-12422
Vulnerable Upgrade Feature Arbitrary File Write may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12422 Vulnerable Upgrade Feature (Arbitrary File Write)
Vulnerable Upgrade Feature Arbitrary File Write may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12422
The CVE-2025-12422 vulnerability affects Azure Access Technology BLU-IC2 and BLU-IC4 (up to and including version 1.19.5). A flaw in the upgrade feature allows arbitrary file writing, which could enable elevation of privileges to a super user on the device. Publicly documented details in PT-Secur...
CVE-2025-62725: From “docker compose ps” to System Compromise
Docker Compose powers millions of workflows, from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines. It’s trusted by developers as the friendly layer above Docker Engine that turns a few YAML lines into a running application. In early October 2025, whil...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Exploit for CVE-2025-22167
README — CVE-2025-22167 Atlassian Jira For defensive us...
EUVD-2025-36212
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...
CVE-2025-27224
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...
PT-2025-43987
Name of the Vulnerable Software and Affected Versions: TRUfusion Enterprise versions through 7.10.4.0. Description: The application does not properly sanitize input to the /trufusionPortal/fileupload endpoint, allowing path traversal sequences to be included. This can allow writing to any filename...
Linux Distros Unpatched Vulnerability : CVE-2025-26625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the content...
PT-2025-44043
Name of the Vulnerable Software and Affected Versions: Docker Compose versions prior to 2.40.2. Description: Docker Compose is affected by a path traversal flaw stemming from improper restriction of path names to accessible directories. This issue allows a remote attacker to overwrite arbitrary file...
CVE-2025-58078
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
CVE-2025-58078 AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
EUVD-2025-35712
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
Directory Traversal
Overview: shopware/core, the Shopware platform, is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Directory Traversal via the Plugin upload. An administrator with permissions to upload plugins can write files to arbitrary directories on the server ...