7257 matches found
CVE-2025-10854
The CVE-2025-10854 issue affects the txtai framework where loading compressed tar files as embedding indices is vulnerable: the existing path traversal protection does not account for symbolic links inside the tar, allowing an attacker to write arbitrary files on the filesystem when untrusted emb...
CVE-2025-34191
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...
SUSE CVE-2025-58158
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...
CVE-2025-34191
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...
CVE-2025-34191
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...
CVE-2025-34191
Vulnerability CVE-2025-34191 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Vasion Print Application versions prior to 20.0.1923 (macOS/Linux client deployments). The issue is an arbitrary file write via response file handling: tasks write respo...
CVE-2025-34191 Vasion Print (formerly PrinterLogic) Arbitrary File Write as Root via Response Path Symlink Follow
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...
CVE-2025-34191
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...
CVE-2025-34191 Vasion Print (formerly PrinterLogic) Arbitrary File Write as Root via Response Path Symlink Follow
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 macOS/Linux client deployments contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into file...
CVE-2025-59342
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
CVE-2025-57644
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...
CVE-2025-57644
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...
CVE-2025-10057
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the writetocustomfile function writing unfiltered PHP code to a file. This makes it possible for authenticated attackers,...
CVE-2025-57644
CVE-2025-57644 affects Accela Automation Platform 22.2.3.0.230103 (Test Script feature). An authenticated administrative user can execute arbitrary Java code on the server, enabling remote code execution. Additional flaws include improper input validation that allows arbitrary file write and serv...
CVE-2025-57644
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...
CVE-2025-57644
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write a...
PT-2025-38543
Name of the Vulnerable Software and Affected Versions Accela Automation Platform version 22.2.3.0.230103 Description Accela Automation Platform contains multiple issues within the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, potentially...
Vasion Print Virtual Appliance Host和Vasion Print Application 安全漏洞
Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Application is a printer management application. A security vulnerability exists in Vasion Print...
GHSA-79HX-3FP8-HJ66 DragonFly vulnerable to arbitrary file read and write on a peer machine
Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...
DragonFly vulnerable to arbitrary file read and write on a peer machine
Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...