Lucene search

7263 matches found

OSV
added 2025/10/21 8:40 a.m. | 4 views

BIT-GIT-LFS-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6 CVSS | 7.1 AI score | 0.00707 EPSS
Exploits 0 | References 7

NVD
added 2025/10/17 6:15 p.m. | 6 views

CVE-2025-62424

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

6.7 CVSS | 0.00858 EPSS
Exploits 1 | References 2

CVE
added 2025/10/17 5:23 p.m. | 14 views

CVE-2025-62424

CVE-2025-62424 concerns ClipBucket, a web-based video-sharing platform. A path traversal flaw exists in the /admin_area/template_editor.php endpoint for ClipBucket versions 5.5.2 - #146 and earlier, caused by inadequate validation of the file-loading path. This allows authenticated administrators...

6.7 CVSS | 6 AI score | 0.00858 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2025/10/17 5:23 p.m. | 10 views

CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

6.7 CVSS | 0.00858 EPSS
Exploits 1 | References 2

NVD
added 2025/10/17 4:15 p.m. | 3 views

CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6 CVSS | 0.00707 EPSS
Exploits 0 | References 6

OSV
added 2025/10/17 4:15 p.m. | 3 views

DEBIAN-CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6 CVSS | 7.3 AI score | 0.00707 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/10/17 3:30 p.m. | 2 views

CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6 CVSS | 6.6 AI score | 0.00707 EPSS
Exploits 0 | References 5

CVE
added 2025/10/17 3:30 p.m. | 50 views

CVE-2025-26625

Git LFS CVE-2025-26625 affects versions 0.5.2–3.7.0. When populating a working tree (and in bare repositories), git lfs checkout and git lfs pull may write to files outside the repository if crafted symbolic or hard links collide with paths tracked by Git LFS. The root cause is lack of checks for...

8.6 CVSS | 6.6 AI score | 0.00707 EPSS
Exploits 0 | References 6

OSV
added 2025/10/17 3:30 p.m. | 3 views

CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6 CVSS | 7.1 AI score | 0.00707 EPSS
Exploits 0 | References 7

AlpineLinux
added 2025/10/17 3:30 p.m. | 2 views

CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6 CVSS | 7.1 AI score | 0.00707 EPSS
Exploits 0

Tenable Nessus
added 2025/10/17 12:0 a.m. | 6 views

ArubaOS 8.10.x < 8.10.0.19 / 8.12.x < 8.12.0.6 / 8.13.x < 8.13.1.0 / 10.4.x < 10.4.1.9 / 10.7.x < 10.7.2.1 Multiple Vulnerabilities (HPESBNW04957)

The version of ArubaOS installed on the remote host is affected by multiple vulnerabilities as referenced in the HPESBNW04957 advisory: - An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating...

7.2 CVSS | 6.2 AI score | 0.01274 EPSS
Exploits 0 | References 15

Tenable Nessus
added 2025/10/16 12:0 a.m. | 6 views

Adobe Creative Cloud < 6.8.0.821 Arbitrary file system write (APSB25-95) (macOS)

The version of Adobe Creative Cloud installed on the remote macOS host is prior to 6.8.0.821. It is, therefore, affected by a vulnerability as referenced in the APSB25-95 advisory. - Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race...

5.6 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits 0 | References 2

Cvelist
added 2025/10/15 4:21 p.m. | 7 views

CVE-2025-54271 Creative Cloud Desktop | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing...

5.6 CVSS | 0.0013 EPSS
Exploits 0 | References 1

CVE
added 2025/10/15 4:21 p.m. | 28 views

CVE-2025-54271

CVE-2025-54271 affects Adobe Creative Cloud Desktop 6.7.0.278 and earlier. It is a Time-of-check Time-of-use (TOCTOU) race condition that could allow arbitrary file system writes by a low-privileged attacker, with no user interaction required. Connected sources (Red Hat, NVD, ENISA/EUVD, CNVD, et...

5.6 CVSS | 6.4 AI score | 0.0013 EPSS
Exploits 0 | References 1 | Affected Software 1

Snyk
added 2025/10/14 8:4 p.m. | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...

9.3 CVSS | 7.5 AI score | 0.00921 EPSS
Exploits 0 | References 2

NVD
added 2025/10/14 5:15 p.m. | 2 views

CVE-2025-37132

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

7.2 CVSS | 0.00501 EPSS
Exploits 0 | References 1

OSV
added 2025/10/14 5:15 p.m. | 3 views

CVE-2025-37132

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

7.2 CVSS | 6 AI score | 0.00501 EPSS
Exploits 0 | References 1

CVE
added 2025/10/14 4:53 p.m. | 11 views

CVE-2025-37132

The CVE-2025-37132 entry is tied to ArubaOS web-based management interfaces (AOS-10 GW and AOS-8 Controller/Mobility Conductor). The vulnerability is an arbitrary file write that, when exploited by an authenticated attacker, could allow uploading arbitrary files and executing commands on the unde...

7.2 CVSS | 7.1 AI score | 0.00501 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/10/14 4:53 p.m. | 6 views

CVE-2025-37132 Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

7.2 CVSS | 0.00501 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/14 4:53 p.m. | 4 views

EUVD-2025-34444

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

7.2 CVSS | 7 AI score | 0.00501 EPSS
Exploits 0 | References 2