
7253 matches found

Snyk
added 2025/09/09 9:19 p.m., 3 views

Zip Slip

Overview: monai is an AI Toolkit for Healthcare Imaging. Affected versions of this package are vulnerable to Zip Slip via the use of zipfile.extractalloutputdir. An attacker can overwrite arbitrary files on the system by supplying a crafted zip archive containing files with path traversal sequences...

CVSS 8.8 | AI score 7.4 | EPSS 0.00568
Exploits: 1 | References: 2

GitHub Security Blog
added 2025/09/09 9:19 p.m., 9 views

MONAI does not prevent path traversal, potentially leading to arbitrary file writes

Summary: The extractall function zipfile.extractalloutputdir is used directly to process compressed files. It is used in many places in the project. When the Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of t...

CVSS 8.8 | AI score 6.9 | EPSS 0.00568
Exploits: 1 | References: 6 | Affected Software: 1

Adobe
added 2025/09/09 12:0 a.m., 14 views

APSB25-93 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025, 2023 and 2021. These updates resolve a critical vulnerability that could lead to arbitrary file system write...

CVSS 10 | AI score 7.1 | EPSS 0.19934
Exploits: 0

OSV
added 2025/09/08 2:13 p.m., 30 views

GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve

Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...

CVSS 7.7 | AI score 6.8 | EPSS 0.00315
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/05 6:18 p.m., 11 views

CVE-2025-20335

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...

CVSS 5.3 | AI score 7.1 | EPSS 0.00335
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/05 12:35 a.m., 13 views

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.1 | EPSS 0.0032
Exploits: 1 | References: 1

GitHub Security Blog
added 2025/09/04 3:30 p.m., 8 views

Memos Vulnerable to Path Traversal via the CreateResource Endpoint

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.1 | EPSS 0.0032
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/09/04 12:28 a.m., 3 views

CVE-2025-55824

ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server...

CVSS 6.5 | AI score 7.4 | EPSS 0.00235
Exploits: 1 | References: 1

Snyk
added 2025/09/04 12:0 a.m., 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the podman kube play command. An attacker can cause sensitive data corruption and system crashes by supplying a malicious Kubernetes YAML file that results in overwriting critical host files. The attacker only...

CVSS 8.1 | AI score 7.9 | EPSS 0.01008
Exploits: 0 | References: 2

CNNVD
added 2025/09/04 12:0 a.m., 4 views

Soft Serve path traversal vulnerability

Soft Serve is a self-hostable command-line Git server from Charm Open Source. A path traversal vulnerability exists in Soft Serve 0.9.1 and earlier versions, which stems from an SSH API that allows an attacker to create or overwrite arbitrary files...

CVSS 7.7 | AI score 6.5 | EPSS 0.00315
Exploits: 0 | References: 1

OSV
added 2025/09/03 11:52 p.m., 5 views

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVSS 7.7 | AI score 7.1 | EPSS 0.00315
Exploits: 0 | References: 3

CVE
added 2025/09/03 11:52 p.m., 29 views

CVE-2025-58355

CVE-2025-58355 affects Soft Serve (self-hosted Git server). In versions ≤0.9.1, an attacker can create or override arbitrary files with uncontrolled data via the SSH API. The issue is resolved in version 0.10.0. Evidence in the initial document notes vulnerable versions and the fixed release; no ...

CVSS 7.7 | AI score 6.5 | EPSS 0.00315
Exploits: 0 | References: 1

Microsoft CVE
added 2025/09/03 11:43 p.m., 3 views

ceph: fix possible deadlock when holding Fwb to get inline_data

...

CVSS 5.5 | AI score 7 | EPSS 0.00156
Exploits: 0

Microsoft CVE
added 2025/09/03 10:0 p.m., 3 views

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

...

CVSS 6.5 | AI score 7 | EPSS 0.00221
Exploits: 0

OSV
added 2025/09/03 6:15 p.m., 4 views

CVE-2025-20335

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...

CVSS 5.3 | AI score 5.9 | EPSS 0.00335
Exploits: 0 | References: 1

Snyk
added 2025/09/03 5:43 p.m., 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the filepathTemplate parameter in the CreateResource endpoint, when objects are stored locally. An authenticated attacker can write arbitrary files to the server filesystem by submitting a crafted filename...

CVSS 6 | AI score 7.6 | EPSS 0.0032
Exploits: 1 | References: 2

Vulnrichment
added 2025/09/03 5:41 p.m., 4 views

CVE-2025-20335 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authenticatio...

CVSS 5.3 | AI score 6.7 | EPSS 0.00335
Exploits: 0 | References: 1

CVE
added 2025/09/03 5:41 p.m., 20 views

CVE-2025-20335

Cisco fixed a directory-permissions vulnerability affecting Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 with SIP firmware. An unauthenticated, remote attacker could write arbitrary files to specific OS directories by sending crafted requests, exploiting weak directory ...

CVSS 5.3 | AI score 6.7 | EPSS 0.00335
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/09/03 5:15 p.m., 5 views

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | EPSS 0.0032
Exploits: 1 | References: 2

OSV
added 2025/09/03 5:15 p.m., 3 views

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVSS 4.3 | AI score 7.1
Exploits: 0 | References: 2